./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3196173269 <...> 5798] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5795] <... openat resumed>) = 7 [pid 5799] close(3 [pid 5798] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5799] <... close resumed>) = 0 [pid 5795] ioctl(7, LOOP_SET_FD, 6 [pid 5799] symlink("/dev/binderfs", "./binderfs" [pid 5798] <... mmap resumed>) = 0x20000000 [pid 5795] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... symlink resumed>) = 0 [pid 5798] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5795] ioctl(7, LOOP_CLR_FD [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] memfd_create("syzkaller", 0 [pid 5795] <... ioctl resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5799] <... memfd_create resumed>) = 3 [pid 5798] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... openat resumed>) = 3 [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5798] memfd_create("syzkaller", 0 [pid 5015] newfstatat(3, "", [pid 5799] <... mmap resumed>) = 0x7f3634699000 [pid 5798] <... memfd_create resumed>) = 5 [pid 5795] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5795] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 155.440745][ T27] audit: type=1800 audit(1692541359.098:765): pid=5796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 155.468496][ T27] audit: type=1800 audit(1692541359.118:766): pid=5797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 5799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5795] close(7 [pid 5015] getdents64(3, [pid 5798] <... mmap resumed>) = 0x7f362c399000 [pid 5795] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5795] close(6 [pid 5015] umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5797] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5795] <... close resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./126/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... write resumed>) = 1048576 [pid 5015] <... umount2 resumed>) = 0 [pid 5795] exit_group(0) = ? [pid 5015] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5799] munmap(0x7f3634699000, 1048576 [pid 5798] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5795] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5795, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5015] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 4 [pid 5799] <... munmap resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5799] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5017] newfstatat(3, "", [pid 5015] getdents64(4, [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(3, [pid 5015] getdents64(4, [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(4 [pid 5799] <... openat resumed>) = 4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./124/binderfs", [pid 5015] rmdir("\x2e\x2f\x31\x32\x36\x2f\x2e\x02" [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5017] unlink("./124/binderfs" [pid 5015] getdents64(3, [pid 5017] <... unlink resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5799] ioctl(4, LOOP_SET_FD, 3 [pid 5017] umount2("\x2e\x2f\x31\x32\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(3) = 0 [pid 5015] rmdir("./126" [pid 5796] <... write resumed>) = 2097152 [pid 5015] <... rmdir resumed>) = 0 [pid 5015] mkdir("./127", 0777 [pid 5796] munmap(0x7f362c399000, 2097152 [pid 5015] <... mkdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5796] <... munmap resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5799] <... ioctl resumed>) = 0 [pid 5799] close(3 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5799] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5799] mkdir("\x2e\x02", 0777 [pid 5015] close(3) = 0 [pid 5799] <... mkdir resumed>) = 0 [pid 5799] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5797] <... write resumed>) = 2097152 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5796] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5796] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5796] ioctl(7, LOOP_CLR_FD [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5800 [pid 5796] <... ioctl resumed>) = 0 [ 155.611635][ T5799] loop2: detected capacity change from 0 to 2048 [pid 5797] munmap(0x7f362c399000, 2097152) = 0 [pid 5796] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... umount2 resumed>) = 0 [pid 5796] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5796] close(7) = 0 [pid 5796] close(6) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5797] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5797] <... openat resumed>) = 7 [pid 5017] <... openat resumed>) = 4 [pid 5797] ioctl(7, LOOP_SET_FD, 6 [pid 5017] newfstatat(4, "", [pid 5797] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5797] ioctl(7, LOOP_CLR_FD [pid 5017] getdents64(4, [pid 5797] <... ioctl resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x32\x34\x2f\x2e\x02" [pid 5797] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... rmdir resumed>) = 0 [pid 5798] <... write resumed>) = 2097152 [pid 5797] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] getdents64(3, [pid 5797] close(7 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5797] <... close resumed>) = 0 [pid 5017] close(3 [ 155.658437][ T5799] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5797] close(6 [pid 5017] <... close resumed>) = 0 ./strace-static-x86_64: Process 5800 attached [pid 5798] munmap(0x7f362c399000, 2097152 [pid 5796] exit_group(0 [pid 5017] rmdir("./124" [pid 5800] set_robust_list(0x555557506760, 24 [pid 5798] <... munmap resumed>) = 0 [pid 5796] <... exit_group resumed>) = ? [pid 5800] <... set_robust_list resumed>) = 0 [pid 5798] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5017] <... rmdir resumed>) = 0 [pid 5800] chdir("./127" [pid 5798] <... openat resumed>) = 6 [pid 5796] +++ exited with 0 +++ [pid 5017] mkdir("./125", 0777 [pid 5800] <... chdir resumed>) = 0 [pid 5798] ioctl(6, LOOP_SET_FD, 5 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5796, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5800] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5798] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... mkdir resumed>) = 0 [pid 5800] <... prctl resumed>) = 0 [pid 5798] ioctl(6, LOOP_CLR_FD [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5800] setpgid(0, 0 [pid 5798] <... ioctl resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5800] <... setpgid resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5800] write(3, "1000", 4 [pid 5798] ioctl(6, LOOP_SET_FD, 5 [pid 5019] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] close(3 [pid 5800] <... write resumed>) = 4 [pid 5798] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... close resumed>) = 0 [pid 5800] close(3 [pid 5798] close(6 [pid 5019] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5800] <... close resumed>) = 0 [pid 5798] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5800] symlink("/dev/binderfs", "./binderfs" [pid 5798] close(5 [pid 5800] <... symlink resumed>) = 0 [pid 5799] <... mount resumed>) = 0 [pid 5798] <... close resumed>) = 0 [pid 5797] <... close resumed>) = 0 [ 155.704565][ T5799] UDF-fs: Scanning with blocksize 512 failed [ 155.715740][ T5799] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] newfstatat(3, "", [pid 5800] memfd_create("syzkaller", 0 [pid 5799] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5797] exit_group(0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5801 [pid 5800] <... memfd_create resumed>) = 3 [pid 5799] <... openat resumed>) = 3 [pid 5797] <... exit_group resumed>) = ? [pid 5019] getdents64(3, ./strace-static-x86_64: Process 5801 attached [pid 5800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] chdir("\x2e\x02" [pid 5801] set_robust_list(0x555557506760, 24 [pid 5800] <... mmap resumed>) = 0x7f3634699000 [pid 5801] <... set_robust_list resumed>) = 0 [pid 5800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5799] <... chdir resumed>) = 0 [pid 5797] +++ exited with 0 +++ [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5801] chdir("./125" [pid 5799] ioctl(4, LOOP_CLR_FD [pid 5019] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... chdir resumed>) = 0 [pid 5799] <... ioctl resumed>) = 0 [pid 5798] exit_group(0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5797, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5799] close(4 [pid 5798] <... exit_group resumed>) = ? [pid 5019] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5801] <... prctl resumed>) = 0 [pid 5799] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5801] setpgid(0, 0 [pid 5799] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] unlink("./129/binderfs" [pid 5801] <... setpgid resumed>) = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... unlink resumed>) = 0 [pid 5801] <... openat resumed>) = 3 [pid 5800] <... write resumed>) = 1048576 [pid 5799] <... open resumed>) = 4 [pid 5801] write(3, "1000", 4 [pid 5800] munmap(0x7f3634699000, 1048576 [pid 5799] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... write resumed>) = 4 [pid 5801] close(3 [pid 5800] <... munmap resumed>) = 0 [pid 5801] <... close resumed>) = 0 [pid 5799] <... mount resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5801] symlink("/dev/binderfs", "./binderfs" [pid 5800] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5799] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5798] +++ exited with 0 +++ [pid 5019] <... umount2 resumed>) = 0 [pid 5018] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5801] <... symlink resumed>) = 0 [pid 5800] <... openat resumed>) = 4 [pid 5799] <... open resumed>) = 5 [pid 5019] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5798, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5801] memfd_create("syzkaller", 0) = 3 [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5800] ioctl(4, LOOP_SET_FD, 3 [ 155.801445][ T27] audit: type=1800 audit(1692541359.458:767): pid=5799 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5014] getdents64(3, [pid 5799] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(3, "", [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5800] <... ioctl resumed>) = 0 [pid 5799] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] ftruncate(-1, 2 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] getdents64(3, [pid 5799] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5800] close(3 [pid 5799] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5800] <... close resumed>) = 0 [pid 5800] mkdir("\x2e\x02", 0777 [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(4, "", [pid 5018] newfstatat(AT_FDCWD, "./128/binderfs", [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] unlink("./128/binderfs" [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5019] getdents64(4, [pid 5800] <... mkdir resumed>) = 0 [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5800] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] close(4 [pid 5018] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] <... close resumed>) = 0 [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5019] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02" [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] getdents64(3, [pid 5014] umount2("./127/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] memfd_create("syzkaller", 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] <... memfd_create resumed>) = 6 [pid 5019] close(3 [pid 5014] newfstatat(AT_FDCWD, "./127/bus", [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5801] <... write resumed>) = 1048576 [pid 5799] <... mmap resumed>) = 0x7f362c399000 [pid 5019] rmdir("./129" [pid 5018] <... umount2 resumed>) = 0 [pid 5014] unlink("./127/bus" [pid 5801] munmap(0x7f3634699000, 1048576 [pid 5799] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5018] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5799] exit_group(0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] <... munmap resumed>) = 0 [pid 5799] <... exit_group resumed>) = ? [pid 5019] mkdir("./130", 0777 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5801] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(AT_FDCWD, "./127/binderfs", [pid 5801] <... openat resumed>) = 4 [pid 5799] +++ exited with 0 +++ [pid 5018] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 155.855153][ T5800] loop1: detected capacity change from 0 to 2048 [ 155.882780][ T5800] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5801] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] unlink("./127/binderfs" [pid 5801] <... ioctl resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... unlink resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 4 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5799, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5014] getdents64(3, [pid 5018] newfstatat(4, "", [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(3 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] getdents64(4, [pid 5014] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] rmdir("./127" [pid 5019] close(3 [pid 5018] getdents64(4, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... rmdir resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] mkdir("./128", 0777 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] close(4 [pid 5016] <... openat resumed>) = 3 [pid 5014] <... mkdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] rmdir("\x2e\x2f\x31\x32\x38\x2f\x2e\x02" [pid 5014] <... openat resumed>) = 3 [pid 5018] <... rmdir resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5802 [pid 5018] getdents64(3, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] getdents64(3, [pid 5014] close(3 [pid 5018] close(3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... close resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5802 attached [pid 5018] rmdir("./128" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5802] set_robust_list(0x555557506760, 24 [pid 5801] close(3 [pid 5018] <... rmdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./126/binderfs", [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5803 [pid 5802] <... set_robust_list resumed>) = 0 [pid 5801] <... close resumed>) = 0 [pid 5018] mkdir("./129", 0777 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5802] chdir("./130" [pid 5801] mkdir("\x2e\x02", 0777 [pid 5018] <... mkdir resumed>) = 0 [pid 5016] unlink("./126/binderfs"./strace-static-x86_64: Process 5803 attached [pid 5802] <... chdir resumed>) = 0 [pid 5801] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5803] set_robust_list(0x555557506760, 24 [pid 5802] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5801] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5018] <... openat resumed>) = 3 [pid 5016] <... unlink resumed>) = 0 [pid 5803] <... set_robust_list resumed>) = 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5803] chdir("./128" [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5803] <... chdir resumed>) = 0 [pid 5018] close(3 [pid 5803] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5802] <... prctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [ 155.905858][ T5801] loop3: detected capacity change from 0 to 2048 [ 155.921003][ T5800] UDF-fs: Scanning with blocksize 512 failed [pid 5016] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5803] <... prctl resumed>) = 0 [pid 5802] setpgid(0, 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5803] setpgid(0, 0) = 0 [pid 5802] <... setpgid resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5804 [pid 5803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5803] <... openat resumed>) = 3 [pid 5802] <... openat resumed>) = 3 [pid 5803] write(3, "1000", 4 [pid 5802] write(3, "1000", 4./strace-static-x86_64: Process 5804 attached [pid 5803] <... write resumed>) = 4 [pid 5802] <... write resumed>) = 4 [pid 5804] set_robust_list(0x555557506760, 24 [pid 5803] close(3 [pid 5802] close(3 [pid 5804] <... set_robust_list resumed>) = 0 [pid 5803] <... close resumed>) = 0 [pid 5802] <... close resumed>) = 0 [pid 5804] chdir("./129" [pid 5803] symlink("/dev/binderfs", "./binderfs" [pid 5802] symlink("/dev/binderfs", "./binderfs" [pid 5804] <... chdir resumed>) = 0 [pid 5803] <... symlink resumed>) = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5803] memfd_create("syzkaller", 0 [pid 5802] <... symlink resumed>) = 0 [pid 5804] <... prctl resumed>) = 0 [pid 5803] <... memfd_create resumed>) = 3 [pid 5804] setpgid(0, 0 [pid 5803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5804] <... setpgid resumed>) = 0 [pid 5803] <... mmap resumed>) = 0x7f3634699000 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5802] memfd_create("syzkaller", 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5804] <... openat resumed>) = 3 [pid 5802] <... memfd_create resumed>) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5804] close(3) = 0 [pid 5802] <... mmap resumed>) = 0x7f3634699000 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5803] <... write resumed>) = 1048576 [pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5804] memfd_create("syzkaller", 0 [pid 5016] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... memfd_create resumed>) = 3 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 155.948782][ T5800] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 155.954573][ T5801] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", [pid 5804] <... mmap resumed>) = 0x7f3634699000 [pid 5804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5800] <... mount resumed>) = 0 [pid 5016] getdents64(4, [pid 5802] <... write resumed>) = 1048576 [pid 5800] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x32\x36\x2f\x2e\x02") = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3) = 0 [pid 5016] rmdir("./126") = 0 [pid 5802] munmap(0x7f3634699000, 1048576 [pid 5800] <... openat resumed>) = 3 [pid 5016] mkdir("./127", 0777 [pid 5802] <... munmap resumed>) = 0 [pid 5800] chdir("\x2e\x02" [pid 5016] <... mkdir resumed>) = 0 [pid 5802] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5800] <... chdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5802] <... openat resumed>) = 4 [pid 5800] ioctl(4, LOOP_CLR_FD [pid 5016] <... openat resumed>) = 3 [pid 5802] ioctl(4, LOOP_SET_FD, 3 [pid 5800] <... ioctl resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5803] munmap(0x7f3634699000, 1048576 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5804] <... write resumed>) = 1048576 [pid 5016] close(3) = 0 [pid 5803] <... munmap resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5805 [pid 5803] ioctl(4, LOOP_SET_FD, 3 [pid 5800] close(4) = 0 [pid 5800] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000./strace-static-x86_64: Process 5805 attached ) = 4 [pid 5805] set_robust_list(0x555557506760, 24) = 0 [pid 5805] chdir("./127") = 0 [pid 5804] munmap(0x7f3634699000, 1048576 [pid 5805] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5804] <... munmap resumed>) = 0 [pid 5805] <... prctl resumed>) = 0 [pid 5805] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5804] <... openat resumed>) = 4 [ 156.019943][ T5801] UDF-fs: Scanning with blocksize 512 failed [ 156.033169][ T5802] loop5: detected capacity change from 0 to 2048 [ 156.044707][ T5803] loop0: detected capacity change from 0 to 2048 [pid 5805] <... openat resumed>) = 3 [pid 5804] ioctl(4, LOOP_SET_FD, 3 [pid 5805] write(3, "1000", 4 [pid 5802] <... ioctl resumed>) = 0 [pid 5800] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5805] <... write resumed>) = 4 [pid 5805] close(3) = 0 [pid 5803] <... ioctl resumed>) = 0 [pid 5805] symlink("/dev/binderfs", "./binderfs" [pid 5803] close(3 [pid 5805] <... symlink resumed>) = 0 [pid 5803] <... close resumed>) = 0 [pid 5805] memfd_create("syzkaller", 0 [pid 5803] mkdir("\x2e\x02", 0777 [pid 5805] <... memfd_create resumed>) = 3 [pid 5803] <... mkdir resumed>) = 0 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5803] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5800] <... mount resumed>) = 0 [pid 5805] <... mmap resumed>) = 0x7f3634699000 [pid 5802] close(3 [pid 5800] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5802] <... close resumed>) = 0 [pid 5800] <... open resumed>) = 5 [pid 5804] <... ioctl resumed>) = 0 [pid 5802] mkdir("\x2e\x02", 0777 [pid 5801] <... mount resumed>) = 0 [pid 5800] openat(AT_FDCWD, NULL, O_RDWR [pid 5804] close(3 [pid 5802] <... mkdir resumed>) = 0 [pid 5801] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5800] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5804] <... close resumed>) = 0 [pid 5802] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5801] <... openat resumed>) = 3 [pid 5800] ftruncate(-1, 2 [pid 5804] mkdir("\x2e\x02", 0777 [pid 5801] chdir("\x2e\x02" [pid 5800] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5804] <... mkdir resumed>) = 0 [pid 5801] <... chdir resumed>) = 0 [pid 5800] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5804] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5801] ioctl(4, LOOP_CLR_FD) = 0 [pid 5800] <... mmap resumed>) = 0x20000000 [pid 5801] close(4 [pid 5800] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5801] <... close resumed>) = 0 [pid 5801] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5801] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5801] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5801] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5801] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [ 156.054242][ T27] audit: type=1800 audit(1692541359.708:768): pid=5800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 156.063715][ T5804] loop4: detected capacity change from 0 to 2048 [ 156.078353][ T5801] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.103175][ T5803] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5801] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5801] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5801] memfd_create("syzkaller", 0) = 6 [pid 5800] <... open resumed>) = -1 EFAULT (Bad address) [pid 5801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5805] <... write resumed>) = 1048576 [pid 5801] <... mmap resumed>) = 0x7f362c399000 [pid 5800] memfd_create("syzkaller", 0 [pid 5805] munmap(0x7f3634699000, 1048576) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 156.134500][ T27] audit: type=1800 audit(1692541359.788:769): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [ 156.142579][ T5803] UDF-fs: Scanning with blocksize 512 failed [ 156.162463][ T5802] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 156.172385][ T5804] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5805] ioctl(4, LOOP_SET_FD, 3 [pid 5800] <... memfd_create resumed>) = 6 [pid 5800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5805] <... ioctl resumed>) = 0 [pid 5805] close(3) = 0 [pid 5805] mkdir("\x2e\x02", 0777) = 0 [ 156.178905][ T5805] loop2: detected capacity change from 0 to 2048 [ 156.182643][ T5802] UDF-fs: Scanning with blocksize 512 failed [ 156.192947][ T5804] UDF-fs: Scanning with blocksize 512 failed [pid 5805] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5800] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5800] munmap(0x7f362c399000, 2097152) = 0 [pid 5800] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5800] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5800] ioctl(7, LOOP_CLR_FD) = 0 [pid 5801] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5800] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5800] close(7 [pid 5804] <... mount resumed>) = 0 [pid 5802] <... mount resumed>) = 0 [pid 5800] <... close resumed>) = 0 [pid 5800] close(6 [pid 5804] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5802] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5804] <... openat resumed>) = 3 [pid 5802] <... openat resumed>) = 3 [pid 5802] chdir("\x2e\x02" [pid 5804] chdir("\x2e\x02") = 0 [pid 5802] <... chdir resumed>) = 0 [pid 5804] ioctl(4, LOOP_CLR_FD [pid 5802] ioctl(4, LOOP_CLR_FD [pid 5804] <... ioctl resumed>) = 0 [pid 5802] <... ioctl resumed>) = 0 [pid 5804] close(4 [pid 5802] close(4 [pid 5804] <... close resumed>) = 0 [pid 5802] <... close resumed>) = 0 [ 156.226449][ T5805] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 156.239098][ T5804] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.248465][ T5802] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.261559][ T5805] UDF-fs: Scanning with blocksize 512 failed [pid 5802] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5804] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5802] <... open resumed>) = 4 [pid 5805] <... mount resumed>) = 0 [pid 5804] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5802] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5805] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5804] <... mount resumed>) = 0 [pid 5802] <... mount resumed>) = 0 [ 156.282679][ T27] audit: type=1800 audit(1692541359.938:770): pid=5804 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 156.283782][ T5805] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.323881][ T5803] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5805] <... openat resumed>) = 3 [pid 5804] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5802] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5800] <... close resumed>) = 0 [pid 5805] chdir("\x2e\x02" [pid 5804] <... open resumed>) = 5 [pid 5802] <... open resumed>) = 5 [pid 5800] exit_group(0) = ? [pid 5805] <... chdir resumed>) = 0 [pid 5804] openat(AT_FDCWD, NULL, O_RDWR [pid 5805] ioctl(4, LOOP_CLR_FD [pid 5802] openat(AT_FDCWD, NULL, O_RDWR [pid 5804] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5805] <... ioctl resumed>) = 0 [pid 5802] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5805] close(4 [pid 5802] ftruncate(-1, 2 [pid 5804] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5802] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5805] <... close resumed>) = 0 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5804] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5802] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5804] <... mmap resumed>) = 0x20000000 [pid 5802] <... mmap resumed>) = 0x20000000 [pid 5805] <... open resumed>) = 4 [pid 5800] +++ exited with 0 +++ [pid 5804] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5805] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5802] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5800, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5804] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5802] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... restart_syscall resumed>) = 0 [pid 5805] <... mount resumed>) = 0 [pid 5802] memfd_create("syzkaller", 0) = 6 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5805] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5804] memfd_create("syzkaller", 0 [pid 5015] umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... memfd_create resumed>) = 6 [pid 5804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5805] openat(AT_FDCWD, NULL, O_RDWR [pid 5804] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5805] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5805] ftruncate(-1, 2 [pid 5015] newfstatat(3, "", [pid 5805] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5805] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5805] <... mmap resumed>) = 0x20000000 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./127/binderfs", [pid 5805] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5805] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] unlink("./127/binderfs") = 0 [pid 5805] memfd_create("syzkaller", 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5805] <... memfd_create resumed>) = 6 [ 156.332461][ T5803] UDF-fs: Scanning with blocksize 1024 failed [ 156.350901][ T5803] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 156.360833][ T5803] UDF-fs: Scanning with blocksize 2048 failed [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [ 156.381771][ T27] audit: type=1800 audit(1692541359.938:771): pid=5802 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 156.403451][ T27] audit: type=1800 audit(1692541360.008:772): pid=5805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5801] <... write resumed>) = 2097152 [pid 5801] munmap(0x7f362c399000, 2097152) = 0 [pid 5805] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5801] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 7 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5801] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5801] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5801] ioctl(7, LOOP_CLR_FD) = 0 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, [pid 5801] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5801] close(7) = 0 [pid 5801] close(6 [pid 5015] getdents64(4, [pid 5801] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x32\x37\x2f\x2e\x02") = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./127") = 0 [pid 5015] mkdir("./128", 0777) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 156.433394][ T5803] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5804] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5805] <... write resumed>) = 2097152 [pid 5803] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5806 [pid 5802] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 5806 attached [pid 5806] set_robust_list(0x555557506760, 24) = 0 [pid 5806] chdir("./128") = 0 [pid 5806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5806] setpgid(0, 0) = 0 [pid 5806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5806] write(3, "1000", 4) = 4 [pid 5806] close(3) = 0 [pid 5801] exit_group(0 [pid 5806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5801] <... exit_group resumed>) = ? [pid 5805] munmap(0x7f362c399000, 2097152) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5806] memfd_create("syzkaller", 0) = 3 [pid 5805] <... openat resumed>) = 7 [pid 5806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5805] ioctl(7, LOOP_SET_FD, 6 [pid 5806] <... mmap resumed>) = 0x7f3634699000 [pid 5805] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5805] ioctl(7, LOOP_CLR_FD [pid 5801] +++ exited with 0 +++ [pid 5803] ioctl(4, LOOP_CLR_FD) = 0 [pid 5805] <... ioctl resumed>) = 0 [pid 5803] close(4) = 0 [ 156.496709][ T5803] UDF-fs: Scanning with blocksize 4096 failed [pid 5803] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5801, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5803] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5803] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5803] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5803] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5803] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 5803] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5803] memfd_create("syzkaller", 0) = 5 [pid 5803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5017] umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5805] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5805] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5805] close(7 [pid 5017] <... openat resumed>) = 3 [pid 5805] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5805] close(6 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./125/binderfs" [pid 5806] <... write resumed>) = 1048576 [pid 5802] <... write resumed>) = 2097152 [pid 5017] <... unlink resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... write resumed>) = 2097152 [ 156.550961][ T27] audit: type=1800 audit(1692541360.208:773): pid=5803 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1942 res=0 errno=0 [pid 5017] <... umount2 resumed>) = 0 [pid 5802] munmap(0x7f362c399000, 2097152 [pid 5805] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5806] munmap(0x7f3634699000, 1048576) = 0 [pid 5805] exit_group(0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x2e\x02", [pid 5805] <... exit_group resumed>) = ? [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5806] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5805] +++ exited with 0 +++ [pid 5804] munmap(0x7f362c399000, 2097152 [pid 5017] umount2("\x2e\x2f\x31\x32\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5805, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5806] <... openat resumed>) = 4 [pid 5804] <... munmap resumed>) = 0 [pid 5802] <... munmap resumed>) = 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5806] ioctl(4, LOOP_SET_FD, 3 [pid 5802] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5017] <... openat resumed>) = 4 [pid 5802] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5802] ioctl(7, LOOP_CLR_FD [pid 5017] newfstatat(4, "", [pid 5016] umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5802] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5804] <... openat resumed>) = 7 [pid 5017] getdents64(4, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5804] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5804] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5804] ioctl(7, LOOP_CLR_FD) = 0 [pid 5802] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5017] getdents64(4, [pid 5016] <... openat resumed>) = 3 [pid 5802] close(7 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] newfstatat(3, "", [pid 5802] <... close resumed>) = 0 [pid 5017] close(4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5804] ioctl(7, LOOP_SET_FD, 6 [pid 5802] close(6 [pid 5017] <... close resumed>) = 0 [pid 5804] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5803] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] getdents64(3, [pid 5804] close(7 [pid 5017] rmdir("\x2e\x2f\x31\x32\x35\x2f\x2e\x02" [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5804] <... close resumed>) = 0 [pid 5806] <... ioctl resumed>) = 0 [pid 5804] close(6 [pid 5806] close(3 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5806] <... close resumed>) = 0 [pid 5806] mkdir("\x2e\x02", 0777) = 0 [pid 5806] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5017] getdents64(3, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] newfstatat(AT_FDCWD, "./127/binderfs", [pid 5802] <... close resumed>) = 0 [pid 5017] close(3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] unlink("./127/binderfs" [pid 5017] rmdir("./125" [pid 5016] <... unlink resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] <... close resumed>) = 0 [pid 5017] mkdir("./126", 0777 [pid 5802] exit_group(0 [pid 5017] <... mkdir resumed>) = 0 [pid 5802] <... exit_group resumed>) = ? [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5802] +++ exited with 0 +++ [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5802, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5016] <... umount2 resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5807 [pid 5016] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5804] exit_group(0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5804] <... exit_group resumed>) = ? [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", [pid 5804] +++ exited with 0 +++ [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5807 attached [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5804, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5016] <... openat resumed>) = 4 [pid 5807] set_robust_list(0x555557506760, 24 [pid 5019] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5016] newfstatat(4, "", [pid 5807] <... set_robust_list resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5807] chdir("./126" [pid 5019] newfstatat(3, "", [pid 5016] getdents64(4, [pid 5807] <... chdir resumed>) = 0 [pid 5803] <... write resumed>) = 2097152 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL [ 156.635970][ T5806] loop1: detected capacity change from 0 to 2048 [ 156.674346][ T5806] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5807] <... prctl resumed>) = 0 [pid 5803] munmap(0x7f362c399000, 2097152 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5807] setpgid(0, 0 [pid 5019] getdents64(3, [pid 5018] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(4 [pid 5807] <... setpgid resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5803] <... munmap resumed>) = 0 [pid 5019] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] rmdir("\x2e\x2f\x31\x32\x37\x2f\x2e\x02" [pid 5807] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 3 [pid 5016] <... rmdir resumed>) = 0 [pid 5807] write(3, "1000", 4 [pid 5016] getdents64(3, [pid 5807] <... write resumed>) = 4 [pid 5019] newfstatat(AT_FDCWD, "./130/binderfs", [pid 5018] newfstatat(3, "", [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5807] close(3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] close(3 [pid 5807] <... close resumed>) = 0 [pid 5803] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] unlink("./130/binderfs" [pid 5018] getdents64(3, [pid 5016] <... close resumed>) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs" [pid 5016] rmdir("./127" [pid 5807] <... symlink resumed>) = 0 [pid 5803] <... openat resumed>) = 6 [pid 5019] <... unlink resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... rmdir resumed>) = 0 [pid 5807] memfd_create("syzkaller", 0 [pid 5016] mkdir("./128", 0777 [pid 5807] <... memfd_create resumed>) = 3 [pid 5803] ioctl(6, LOOP_SET_FD, 5 [pid 5019] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... mkdir resumed>) = 0 [pid 5807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5807] <... mmap resumed>) = 0x7f3634699000 [pid 5016] <... openat resumed>) = 3 [pid 5807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5803] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5808 [pid 5018] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5803] ioctl(6, LOOP_CLR_FD [pid 5019] <... umount2 resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5803] <... ioctl resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] unlink("./129/binderfs" [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5808 attached [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5018] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5808] set_robust_list(0x555557506760, 24 [pid 5803] ioctl(6, LOOP_SET_FD, 5 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5808] <... set_robust_list resumed>) = 0 [pid 5808] chdir("./128") = 0 [pid 5808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5808] setpgid(0, 0) = 0 [pid 5808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5808] write(3, "1000", 4 [pid 5803] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = 0 [ 156.719418][ T5806] UDF-fs: Scanning with blocksize 512 failed [pid 5808] <... write resumed>) = 4 [pid 5803] close(6 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5808] close(3) = 0 [pid 5803] <... close resumed>) = 0 [pid 5803] close(5 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5808] memfd_create("syzkaller", 0) = 3 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5803] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(4, "", [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] getdents64(4, [pid 5807] <... write resumed>) = 1048576 [pid 5807] munmap(0x7f3634699000, 1048576 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5807] <... munmap resumed>) = 0 [pid 5019] close(4 [pid 5018] <... openat resumed>) = 4 [pid 5019] <... close resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5019] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5807] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5807] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... rmdir resumed>) = 0 [pid 5019] getdents64(3, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5803] exit_group(0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 5803] <... exit_group resumed>) = ? [pid 5019] close(3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5019] rmdir("./130" [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] close(4 [pid 5019] mkdir("./131", 0777 [pid 5018] <... close resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02") = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5808] <... write resumed>) = 1048576 [pid 5806] <... mount resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5018] rmdir("./129" [pid 5806] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5806] <... openat resumed>) = 3 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... rmdir resumed>) = 0 [pid 5806] chdir("\x2e\x02" [pid 5019] close(3 [pid 5018] mkdir("./130", 0777 [pid 5806] <... chdir resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5806] ioctl(4, LOOP_CLR_FD) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... mkdir resumed>) = 0 [pid 5806] close(4) = 0 [pid 5806] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000./strace-static-x86_64: Process 5809 attached ) = 4 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5807] <... ioctl resumed>) = 0 [pid 5806] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5809 [pid 5018] <... openat resumed>) = 3 [pid 5807] close(3 [pid 5806] <... mount resumed>) = 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5807] <... close resumed>) = 0 [pid 5806] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5807] mkdir("\x2e\x02", 0777 [pid 5018] close(3 [pid 5809] set_robust_list(0x555557506760, 24 [pid 5807] <... mkdir resumed>) = 0 [pid 5806] <... open resumed>) = 5 [pid 5018] <... close resumed>) = 0 [pid 5809] <... set_robust_list resumed>) = 0 [pid 5807] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5806] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5809] chdir("./131" [pid 5808] munmap(0x7f3634699000, 1048576 [pid 5806] <... openat resumed>) = -1 EFAULT (Bad address) [ 156.762381][ T5806] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.791863][ T5807] loop3: detected capacity change from 0 to 2048 [pid 5809] <... chdir resumed>) = 0 [pid 5808] <... munmap resumed>) = 0 [pid 5806] ftruncate(-1, 2 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5808] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5806] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5810 [pid 5808] <... openat resumed>) = 4 [pid 5806] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5809] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5810 attached [pid 5809] setpgid(0, 0 [pid 5808] ioctl(4, LOOP_SET_FD, 3 [pid 5806] <... mmap resumed>) = 0x20000000 [pid 5810] set_robust_list(0x555557506760, 24 [pid 5809] <... setpgid resumed>) = 0 [pid 5806] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5803] +++ exited with 0 +++ [pid 5810] <... set_robust_list resumed>) = 0 [pid 5806] <... open resumed>) = -1 EFAULT (Bad address) [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5810] chdir("./130" [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5810] <... chdir resumed>) = 0 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5809] <... openat resumed>) = 3 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5803, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5810] <... prctl resumed>) = 0 [pid 5809] write(3, "1000", 4 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5810] setpgid(0, 0 [pid 5809] <... write resumed>) = 4 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5014] umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... setpgid resumed>) = 0 [pid 5809] close(3 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5810] <... openat resumed>) = 3 [pid 5809] <... close resumed>) = 0 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5014] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5810] write(3, "1000", 4 [pid 5809] symlink("/dev/binderfs", "./binderfs" [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5810] <... write resumed>) = 4 [pid 5806] memfd_create("syzkaller", 0 [pid 5014] <... openat resumed>) = 3 [pid 5810] close(3 [pid 5809] <... symlink resumed>) = 0 [pid 5806] <... memfd_create resumed>) = 6 [pid 5014] newfstatat(3, "", [pid 5810] <... close resumed>) = 0 [pid 5809] memfd_create("syzkaller", 0 [pid 5806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5810] symlink("/dev/binderfs", "./binderfs" [pid 5809] <... memfd_create resumed>) = 3 [pid 5806] <... mmap resumed>) = 0x7f362c399000 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5808] <... ioctl resumed>) = 0 [pid 5810] <... symlink resumed>) = 0 [pid 5809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5808] close(3 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5014] getdents64(3, [pid 5810] memfd_create("syzkaller", 0 [pid 5809] <... mmap resumed>) = 0x7f3634699000 [pid 5808] <... close resumed>) = 0 [pid 5806] exit_group(0 [pid 5810] <... memfd_create resumed>) = 3 [pid 5808] mkdir("\x2e\x02", 0777 [pid 5806] <... exit_group resumed>) = ? [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5808] <... mkdir resumed>) = 0 [pid 5806] +++ exited with 0 +++ [pid 5014] umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... mmap resumed>) = 0x7f3634699000 [pid 5808] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5806, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5014] <... umount2 resumed>) = 0 [pid 5015] <... restart_syscall resumed>) = 0 [ 156.831057][ T5807] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 156.843139][ T5808] loop2: detected capacity change from 0 to 2048 [ 156.865434][ T5807] UDF-fs: Scanning with blocksize 512 failed [pid 5014] umount2("./128/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] <... write resumed>) = 1048576 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(AT_FDCWD, "./128/bus", [pid 5015] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] unlink("./128/bus" [pid 5810] <... write resumed>) = 1048576 [pid 5809] munmap(0x7f3634699000, 1048576 [pid 5015] umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./128/binderfs") = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... munmap resumed>) = 0 [pid 5014] umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] munmap(0x7f3634699000, 1048576) = 0 [pid 5810] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5810] ioctl(4, LOOP_SET_FD, 3 [pid 5807] <... mount resumed>) = 0 [pid 5807] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5807] chdir("\x2e\x02") = 0 [pid 5807] ioctl(4, LOOP_CLR_FD) = 0 [pid 5807] close(4) = 0 [pid 5807] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5809] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] <... openat resumed>) = 4 [pid 5014] newfstatat(AT_FDCWD, "./128/binderfs", [ 156.899246][ T5808] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 156.907115][ T5807] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.929304][ T5808] UDF-fs: Scanning with blocksize 512 failed [ 156.940313][ T5809] loop5: detected capacity change from 0 to 2048 [pid 5809] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5809] <... ioctl resumed>) = 0 [pid 5807] <... open resumed>) = 4 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] unlink("./128/binderfs" [pid 5809] close(3 [pid 5808] <... mount resumed>) = 0 [pid 5807] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5810] <... ioctl resumed>) = 0 [pid 5809] <... close resumed>) = 0 [pid 5807] <... mount resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] mkdir("\x2e\x02", 0777 [pid 5807] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", [pid 5014] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... mkdir resumed>) = 0 [pid 5808] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5807] <... open resumed>) = 5 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5809] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5808] <... openat resumed>) = 3 [pid 5807] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5808] chdir("\x2e\x02" [pid 5807] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", [pid 5810] close(3 [pid 5808] <... chdir resumed>) = 0 [pid 5807] ftruncate(-1, 2 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5810] <... close resumed>) = 0 [pid 5808] ioctl(4, LOOP_CLR_FD [pid 5807] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... openat resumed>) = 4 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5810] mkdir("\x2e\x02", 0777 [pid 5808] <... ioctl resumed>) = 0 [pid 5807] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] newfstatat(4, "", [pid 5014] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... mkdir resumed>) = 0 [pid 5808] close(4 [pid 5807] <... mmap resumed>) = 0x20000000 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5810] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5808] <... close resumed>) = 0 [pid 5807] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] getdents64(4, [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5807] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5808] <... open resumed>) = 4 [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5015] getdents64(4, [pid 5014] <... openat resumed>) = 4 [ 156.944292][ T5808] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.957977][ T5810] loop4: detected capacity change from 0 to 2048 [ 156.974718][ T5809] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 156.982556][ T5809] UDF-fs: Scanning with blocksize 512 failed [pid 5808] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] newfstatat(4, "", [pid 5808] <... mount resumed>) = 0 [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5015] close(4 [pid 5808] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5808] <... open resumed>) = 5 [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5015] rmdir("\x2e\x2f\x31\x32\x38\x2f\x2e\x02" [pid 5808] openat(AT_FDCWD, NULL, O_RDWR [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5015] <... rmdir resumed>) = 0 [pid 5014] getdents64(4, [pid 5808] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5015] getdents64(3, [pid 5808] ftruncate(-1, 2 [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5808] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5015] close(3 [pid 5014] getdents64(4, [pid 5808] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5807] memfd_create("syzkaller", 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5808] <... mmap resumed>) = 0x20000000 [pid 5807] <... memfd_create resumed>) = 6 [pid 5015] rmdir("./128" [pid 5014] close(4 [pid 5808] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5808] <... open resumed>) = -1 EFAULT (Bad address) [pid 5807] <... mmap resumed>) = 0x7f362c399000 [pid 5015] mkdir("./129", 0777 [pid 5014] rmdir("\x2e\x2f\x31\x32\x38\x2f\x2e\x02" [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5807] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5015] <... mkdir resumed>) = 0 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5807] exit_group(0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] <... rmdir resumed>) = 0 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5807] <... exit_group resumed>) = ? [pid 5015] <... openat resumed>) = 3 [pid 5014] getdents64(3, [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5807] +++ exited with 0 +++ [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] close(3 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [ 157.006755][ T5810] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5807, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5015] close(3 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5015] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5017] <... restart_syscall resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] rmdir("./128" [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5808] memfd_create("syzkaller", 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5811 [pid 5808] <... memfd_create resumed>) = 6 [pid 5017] umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... rmdir resumed>) = 0 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] mkdir("./129", 0777 [pid 5808] <... mmap resumed>) = 0x7f362c399000 [pid 5017] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5017] <... openat resumed>) = 3 [pid 5808] exit_group(0 [pid 5017] newfstatat(3, "", [pid 5808] <... exit_group resumed>) = ? [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5811 attached [pid 5808] +++ exited with 0 +++ [pid 5017] getdents64(3, [pid 5811] set_robust_list(0x555557506760, 24 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5808, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5811] <... set_robust_list resumed>) = 0 [pid 5017] umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5811] chdir("./129" [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... restart_syscall resumed>) = 0 [pid 5811] <... chdir resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./126/binderfs", [pid 5811] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5811] <... prctl resumed>) = 0 [pid 5017] unlink("./126/binderfs" [pid 5016] umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5811] setpgid(0, 0 [pid 5017] <... unlink resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5811] <... setpgid resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... openat resumed>) = 3 [pid 5014] <... mkdir resumed>) = 0 [pid 5811] <... openat resumed>) = 3 [pid 5016] newfstatat(3, "", [pid 5811] write(3, "1000", 4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5811] <... write resumed>) = 4 [pid 5017] <... umount2 resumed>) = 0 [pid 5016] getdents64(3, [pid 5811] close(3 [pid 5017] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... openat resumed>) = 3 [pid 5811] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5811] symlink("/dev/binderfs", "./binderfs" [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5811] <... symlink resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] newfstatat(AT_FDCWD, "./128/binderfs", [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5811] memfd_create("syzkaller", 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5811] <... memfd_create resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] unlink("./128/binderfs" [pid 5014] close(3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... unlink resumed>) = 0 [ 157.048525][ T5810] UDF-fs: Scanning with blocksize 512 failed [ 157.060904][ T5809] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5811] <... mmap resumed>) = 0x7f3634699000 [pid 5809] <... mount resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5016] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... close resumed>) = 0 [pid 5809] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] newfstatat(4, "", [pid 5809] <... openat resumed>) = 3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5809] chdir("\x2e\x02" [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x32\x36\x2f\x2e\x02") = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5809] <... chdir resumed>) = 0 [pid 5017] rmdir("./126" [pid 5809] ioctl(4, LOOP_CLR_FD [pid 5017] <... rmdir resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5812 [pid 5809] <... ioctl resumed>) = 0 [pid 5017] mkdir("./127", 0777 [pid 5809] close(4 [pid 5017] <... mkdir resumed>) = 0 [pid 5809] <... close resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... umount2 resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5809] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5809] <... open resumed>) = 4 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5813 [pid 5016] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 5813 attached ) = 0 [pid 5809] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5813] set_robust_list(0x555557506760, 24 [pid 5809] <... open resumed>) = 5 [pid 5813] <... set_robust_list resumed>) = 0 [pid 5809] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5809] ftruncate(-1, 2 [pid 5813] chdir("./127" [pid 5809] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5813] <... chdir resumed>) = 0 [pid 5809] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5809] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5812 attached [pid 5813] <... openat resumed>) = 3 [pid 5809] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", [pid 5813] write(3, "1000", 4 [pid 5812] set_robust_list(0x555557506760, 24 [pid 5809] <... open resumed>) = -1 EFAULT (Bad address) [pid 5813] <... write resumed>) = 4 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5813] close(3 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5813] <... close resumed>) = 0 [pid 5812] <... set_robust_list resumed>) = 0 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5016] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5813] symlink("/dev/binderfs", "./binderfs" [pid 5812] chdir("./129" [pid 5810] <... mount resumed>) = 0 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5813] <... symlink resumed>) = 0 [pid 5811] <... write resumed>) = 1048576 [pid 5810] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5812] <... chdir resumed>) = 0 [pid 5813] memfd_create("syzkaller", 0 [pid 5811] munmap(0x7f3634699000, 1048576 [pid 5810] <... openat resumed>) = 3 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5813] <... memfd_create resumed>) = 3 [pid 5812] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5811] <... munmap resumed>) = 0 [pid 5810] chdir("\x2e\x02" [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5016] <... openat resumed>) = 4 [pid 5813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5812] <... prctl resumed>) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5810] <... chdir resumed>) = 0 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5813] <... mmap resumed>) = 0x7f3634699000 [pid 5812] setpgid(0, 0 [pid 5811] <... openat resumed>) = 4 [pid 5810] ioctl(4, LOOP_CLR_FD [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [ 157.104534][ T5810] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5016] newfstatat(4, "", [pid 5813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5812] <... setpgid resumed>) = 0 [pid 5811] ioctl(4, LOOP_SET_FD, 3 [pid 5810] <... ioctl resumed>) = 0 [pid 5809] memfd_create("syzkaller", 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5811] <... ioctl resumed>) = 0 [pid 5810] close(4 [pid 5809] <... memfd_create resumed>) = 6 [pid 5811] close(3 [pid 5810] <... close resumed>) = 0 [pid 5016] getdents64(4, [pid 5811] <... close resumed>) = 0 [pid 5810] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5812] <... openat resumed>) = 3 [pid 5811] mkdir("\x2e\x02", 0777 [pid 5810] <... open resumed>) = 4 [pid 5812] write(3, "1000", 4 [pid 5811] <... mkdir resumed>) = 0 [pid 5810] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5812] <... write resumed>) = 4 [pid 5811] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5810] <... mount resumed>) = 0 [pid 5812] close(3 [pid 5810] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5809] <... mmap resumed>) = 0x7f362c399000 [pid 5016] getdents64(4, [pid 5812] <... close resumed>) = 0 [pid 5810] <... open resumed>) = 5 [pid 5812] symlink("/dev/binderfs", "./binderfs" [pid 5810] openat(AT_FDCWD, NULL, O_RDWR [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5810] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5810] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5016] close(4 [pid 5810] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5812] <... symlink resumed>) = 0 [pid 5810] <... mmap resumed>) = 0x20000000 [pid 5809] exit_group(0 [pid 5016] <... close resumed>) = 0 [pid 5810] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] rmdir("\x2e\x2f\x31\x32\x38\x2f\x2e\x02" [pid 5809] <... exit_group resumed>) = ? [pid 5810] <... open resumed>) = -1 EFAULT (Bad address) [pid 5812] memfd_create("syzkaller", 0 [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5809] +++ exited with 0 +++ [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5810] memfd_create("syzkaller", 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5812] <... memfd_create resumed>) = 3 [pid 5810] <... memfd_create resumed>) = 6 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] getdents64(3, [pid 5812] <... mmap resumed>) = 0x7f3634699000 [pid 5810] <... mmap resumed>) = 0x7f362c399000 [ 157.165156][ T5811] loop1: detected capacity change from 0 to 2048 [ 157.188836][ T5811] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5810] exit_group(0) = ? [pid 5810] +++ exited with 0 +++ [pid 5813] <... write resumed>) = 1048576 [pid 5813] munmap(0x7f3634699000, 1048576 [pid 5812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5810, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5016] close(3) = 0 [pid 5016] rmdir("./128" [pid 5019] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5813] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... rmdir resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5813] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5019] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] mkdir("./129", 0777 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 3 [pid 5813] <... openat resumed>) = 4 [pid 5813] ioctl(4, LOOP_SET_FD, 3 [pid 5019] newfstatat(3, "", [pid 5018] newfstatat(3, "", [pid 5016] <... mkdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] getdents64(3, [pid 5018] getdents64(3, [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] newfstatat(AT_FDCWD, "./130/binderfs", [pid 5019] unlink("./131/binderfs" [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] unlink("./130/binderfs" [pid 5016] close(3 [pid 5018] <... unlink resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5814 [pid 5813] <... ioctl resumed>) = 0 [pid 5813] close(3) = 0 [pid 5813] mkdir("\x2e\x02", 0777 [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5813] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5814 attached [pid 5814] set_robust_list(0x555557506760, 24 [pid 5813] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5814] <... set_robust_list resumed>) = 0 [pid 5814] chdir("./129" [pid 5812] <... write resumed>) = 1048576 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = 0 [pid 5814] <... chdir resumed>) = 0 [pid 5812] munmap(0x7f3634699000, 1048576 [pid 5019] newfstatat(4, "", [pid 5018] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5814] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5814] <... prctl resumed>) = 0 [pid 5812] <... munmap resumed>) = 0 [pid 5019] getdents64(4, [ 157.227778][ T5811] UDF-fs: Scanning with blocksize 512 failed [ 157.240309][ T5813] loop3: detected capacity change from 0 to 2048 [ 157.267036][ T5811] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5814] setpgid(0, 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5812] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5814] <... setpgid resumed>) = 0 [pid 5812] <... openat resumed>) = 4 [pid 5019] getdents64(4, [pid 5018] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5814] <... openat resumed>) = 3 [pid 5019] close(4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5814] write(3, "1000", 4 [pid 5019] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5814] <... write resumed>) = 4 [pid 5019] rmdir("\x2e\x2f\x31\x33\x31\x2f\x2e\x02" [pid 5814] close(3 [pid 5018] <... openat resumed>) = 4 [pid 5814] <... close resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5814] symlink("/dev/binderfs", "./binderfs" [pid 5019] getdents64(3, [pid 5814] <... symlink resumed>) = 0 [pid 5812] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5814] memfd_create("syzkaller", 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5814] <... memfd_create resumed>) = 3 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] close(3 [pid 5018] getdents64(4, [pid 5814] <... mmap resumed>) = 0x7f3634699000 [pid 5814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5811] <... mount resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5811] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("\x2e\x02") = 0 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] rmdir("./131" [pid 5018] getdents64(4, [pid 5811] <... open resumed>) = 4 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5811] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] mkdir("./132", 0777 [pid 5018] close(4 [pid 5811] <... mount resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5811] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5811] <... open resumed>) = 5 [pid 5811] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5018] <... rmdir resumed>) = 0 [pid 5811] ftruncate(-1, 2 [pid 5019] <... openat resumed>) = 3 [pid 5811] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] getdents64(3, [pid 5811] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5019] close(3 [pid 5018] close(3 [pid 5811] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... close resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5811] <... open resumed>) = -1 EFAULT (Bad address) [ 157.290601][ T5813] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 157.315078][ T5813] UDF-fs: Scanning with blocksize 512 failed [ 157.322216][ T5812] loop0: detected capacity change from 0 to 2048 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] rmdir("./130" [pid 5812] <... ioctl resumed>) = 0 [pid 5811] memfd_create("syzkaller", 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5811] <... memfd_create resumed>) = 6 [pid 5018] mkdir("./131", 0777 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5815 ./strace-static-x86_64: Process 5815 attached [pid 5812] close(3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5812] <... close resumed>) = 0 [pid 5811] <... mmap resumed>) = 0x7f362c399000 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5815] set_robust_list(0x555557506760, 24 [pid 5812] mkdir("\x2e\x02", 0777 [pid 5018] <... openat resumed>) = 3 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5812] <... mkdir resumed>) = 0 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5815] chdir("./132" [pid 5814] <... write resumed>) = 1048576 [pid 5812] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5018] close(3 [pid 5815] <... chdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5814] munmap(0x7f3634699000, 1048576 [pid 5815] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5814] <... munmap resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5815] <... prctl resumed>) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5815] setpgid(0, 0 [pid 5814] <... openat resumed>) = 4 [pid 5815] <... setpgid resumed>) = 0 [pid 5814] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5816 ./strace-static-x86_64: Process 5816 attached [pid 5815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5815] write(3, "1000", 4 [pid 5816] set_robust_list(0x555557506760, 24 [pid 5815] <... write resumed>) = 4 [pid 5816] <... set_robust_list resumed>) = 0 [pid 5815] close(3 [pid 5816] chdir("./131" [pid 5815] <... close resumed>) = 0 [pid 5813] <... mount resumed>) = 0 [pid 5816] <... chdir resumed>) = 0 [pid 5815] symlink("/dev/binderfs", "./binderfs" [pid 5813] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5815] <... symlink resumed>) = 0 [pid 5813] <... openat resumed>) = 3 [ 157.393807][ T5813] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 157.414690][ T5812] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 157.427898][ T5814] loop2: detected capacity change from 0 to 2048 [ 157.432044][ T5812] UDF-fs: Scanning with blocksize 512 failed [pid 5816] <... prctl resumed>) = 0 [pid 5815] memfd_create("syzkaller", 0 [pid 5813] chdir("\x2e\x02" [pid 5816] setpgid(0, 0 [pid 5815] <... memfd_create resumed>) = 3 [pid 5813] <... chdir resumed>) = 0 [pid 5816] <... setpgid resumed>) = 0 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5813] ioctl(4, LOOP_CLR_FD [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5815] <... mmap resumed>) = 0x7f3634699000 [pid 5814] <... ioctl resumed>) = 0 [pid 5813] <... ioctl resumed>) = 0 [pid 5814] close(3) = 0 [pid 5814] mkdir("\x2e\x02", 0777 [pid 5816] <... openat resumed>) = 3 [pid 5814] <... mkdir resumed>) = 0 [pid 5814] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5816] write(3, "1000", 4 [pid 5815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5813] close(4 [pid 5816] <... write resumed>) = 4 [pid 5813] <... close resumed>) = 0 [pid 5816] close(3 [pid 5813] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5816] <... close resumed>) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs" [pid 5813] <... open resumed>) = 4 [pid 5816] <... symlink resumed>) = 0 [pid 5815] <... write resumed>) = 1048576 [pid 5813] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5816] memfd_create("syzkaller", 0 [pid 5815] munmap(0x7f3634699000, 1048576 [pid 5813] <... mount resumed>) = 0 [pid 5816] <... memfd_create resumed>) = 3 [pid 5813] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5815] <... munmap resumed>) = 0 [pid 5813] <... open resumed>) = 5 [pid 5816] <... mmap resumed>) = 0x7f3634699000 [pid 5815] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5813] openat(AT_FDCWD, NULL, O_RDWR [pid 5816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5815] <... openat resumed>) = 4 [pid 5813] <... openat resumed>) = -1 EFAULT (Bad address) [ 157.481661][ T5812] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 157.509798][ T5814] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 157.521556][ T5812] UDF-fs: Scanning with blocksize 1024 failed [pid 5815] ioctl(4, LOOP_SET_FD, 3 [pid 5813] ftruncate(-1, 2 [pid 5811] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5813] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5815] <... ioctl resumed>) = 0 [pid 5813] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5815] close(3) = 0 [pid 5813] <... mmap resumed>) = 0x20000000 [pid 5815] mkdir("\x2e\x02", 0777 [pid 5813] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5815] <... mkdir resumed>) = 0 [pid 5813] <... open resumed>) = -1 EFAULT (Bad address) [ 157.546458][ T5815] loop5: detected capacity change from 0 to 2048 [ 157.560403][ T5814] UDF-fs: Scanning with blocksize 512 failed [ 157.565983][ T5812] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 157.573819][ T5812] UDF-fs: Scanning with blocksize 2048 failed [pid 5815] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5813] memfd_create("syzkaller", 0 [pid 5816] <... write resumed>) = 1048576 [pid 5813] <... memfd_create resumed>) = 6 [pid 5816] munmap(0x7f3634699000, 1048576 [pid 5813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5816] <... munmap resumed>) = 0 [pid 5813] <... mmap resumed>) = 0x7f362c399000 [pid 5816] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5816] ioctl(4, LOOP_SET_FD, 3 [pid 5811] <... write resumed>) = 2097152 [ 157.589574][ T5815] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 157.602969][ T5815] UDF-fs: Scanning with blocksize 512 failed [ 157.624698][ T5815] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 157.633850][ T5816] loop4: detected capacity change from 0 to 2048 [pid 5811] munmap(0x7f362c399000, 2097152 [pid 5816] <... ioctl resumed>) = 0 [pid 5811] <... munmap resumed>) = 0 [pid 5816] close(3) = 0 [pid 5816] mkdir("\x2e\x02", 0777 [pid 5811] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5816] <... mkdir resumed>) = 0 [pid 5811] ioctl(7, LOOP_SET_FD, 6 [pid 5816] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5815] <... mount resumed>) = 0 [pid 5811] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5811] ioctl(7, LOOP_CLR_FD) = 0 [pid 5815] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5811] close(7) = 0 [pid 5811] close(6 [pid 5815] chdir("\x2e\x02") = 0 [pid 5814] <... mount resumed>) = 0 [pid 5815] ioctl(4, LOOP_CLR_FD [pid 5814] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5811] <... close resumed>) = 0 [pid 5815] <... ioctl resumed>) = 0 [pid 5814] <... openat resumed>) = 3 [pid 5815] close(4 [ 157.642925][ T5814] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 157.661034][ T5812] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 157.665337][ T5816] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 157.681489][ T5812] UDF-fs: Scanning with blocksize 4096 failed [pid 5814] chdir("\x2e\x02" [pid 5812] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5815] <... close resumed>) = 0 [pid 5814] <... chdir resumed>) = 0 [pid 5813] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5812] ioctl(4, LOOP_CLR_FD [pid 5811] exit_group(0 [pid 5815] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5814] ioctl(4, LOOP_CLR_FD [pid 5811] <... exit_group resumed>) = ? [pid 5815] <... open resumed>) = 4 [pid 5814] <... ioctl resumed>) = 0 [pid 5812] <... ioctl resumed>) = 0 [pid 5815] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5814] close(4 [pid 5812] close(4 [pid 5811] +++ exited with 0 +++ [pid 5814] <... close resumed>) = 0 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5811, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5814] <... open resumed>) = 4 [pid 5015] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5814] <... mount resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5814] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] <... openat resumed>) = 3 [pid 5814] <... open resumed>) = 5 [pid 5815] <... mount resumed>) = 0 [pid 5015] newfstatat(3, "", [pid 5815] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5814] openat(AT_FDCWD, NULL, O_RDWR [pid 5812] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5815] <... open resumed>) = 5 [pid 5814] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5812] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] getdents64(3, [pid 5814] ftruncate(-1, 2 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5814] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5815] openat(AT_FDCWD, NULL, O_RDWR [pid 5814] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5812] <... open resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5815] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5814] <... mmap resumed>) = 0x20000000 [pid 5812] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5815] ftruncate(-1, 2 [pid 5814] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5812] <... mount resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5815] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5814] <... open resumed>) = -1 EFAULT (Bad address) [pid 5812] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] unlink("./129/binderfs" [pid 5815] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5814] memfd_create("syzkaller", 0 [pid 5812] <... open resumed>) = 4 [pid 5015] <... unlink resumed>) = 0 [pid 5815] <... mmap resumed>) = 0x20000000 [pid 5814] <... memfd_create resumed>) = 6 [pid 5812] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5815] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5812] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5815] <... open resumed>) = -1 EFAULT (Bad address) [pid 5814] <... mmap resumed>) = 0x7f362c399000 [pid 5813] <... write resumed>) = 2097152 [pid 5812] ftruncate(-1, 2 [pid 5015] <... umount2 resumed>) = 0 [pid 5815] memfd_create("syzkaller", 0 [pid 5813] munmap(0x7f362c399000, 2097152 [pid 5812] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5815] <... memfd_create resumed>) = 6 [pid 5812] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5015] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... mount resumed>) = 0 [pid 5815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5812] <... mmap resumed>) = 0x20000000 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5816] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5815] <... mmap resumed>) = 0x7f362c399000 [pid 5812] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5816] <... openat resumed>) = 3 [pid 5813] <... munmap resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5816] chdir("\x2e\x02" [pid 5015] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... chdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 157.703971][ T5816] UDF-fs: Scanning with blocksize 512 failed [ 157.721330][ T5816] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5816] ioctl(4, LOOP_CLR_FD [pid 5812] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5816] <... ioctl resumed>) = 0 [pid 5812] memfd_create("syzkaller", 0 [pid 5015] <... openat resumed>) = 4 [pid 5816] close(4 [pid 5812] <... memfd_create resumed>) = 5 [pid 5015] newfstatat(4, "", [pid 5816] <... close resumed>) = 0 [pid 5812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5816] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5813] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5812] <... mmap resumed>) = 0x7f362c399000 [pid 5015] getdents64(4, [pid 5816] <... open resumed>) = 4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5816] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] getdents64(4, [pid 5816] <... mount resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5816] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] close(4 [pid 5816] <... open resumed>) = 5 [pid 5015] <... close resumed>) = 0 [pid 5816] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02" [pid 5816] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] <... rmdir resumed>) = 0 [pid 5816] ftruncate(-1, 2 [pid 5813] <... openat resumed>) = 7 [pid 5015] getdents64(3, [pid 5816] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5813] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5816] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5813] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] close(3 [pid 5816] <... mmap resumed>) = 0x20000000 [pid 5813] ioctl(7, LOOP_CLR_FD [pid 5015] <... close resumed>) = 0 [pid 5816] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5813] <... ioctl resumed>) = 0 [pid 5015] rmdir("./129" [pid 5816] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... rmdir resumed>) = 0 [pid 5816] memfd_create("syzkaller", 0 [pid 5015] mkdir("./130", 0777 [pid 5816] <... memfd_create resumed>) = 6 [pid 5015] <... mkdir resumed>) = 0 [pid 5816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5814] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5813] ioctl(7, LOOP_SET_FD, 6 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5816] <... mmap resumed>) = 0x7f362c399000 [pid 5813] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... openat resumed>) = 3 [pid 5813] close(7 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5813] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5813] close(6 [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5813] <... close resumed>) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5817 ./strace-static-x86_64: Process 5817 attached [pid 5817] set_robust_list(0x555557506760, 24) = 0 [pid 5817] chdir("./130") = 0 [pid 5815] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5813] exit_group(0 [pid 5817] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5813] <... exit_group resumed>) = ? [pid 5817] <... prctl resumed>) = 0 [pid 5817] setpgid(0, 0) = 0 [pid 5812] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5813] +++ exited with 0 +++ [pid 5817] <... openat resumed>) = 3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5813, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5817] write(3, "1000", 4) = 4 [pid 5817] close(3 [pid 5816] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5817] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5817] symlink("/dev/binderfs", "./binderfs" [pid 5017] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5817] <... symlink resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5817] memfd_create("syzkaller", 0 [pid 5017] newfstatat(3, "", [pid 5817] <... memfd_create resumed>) = 3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] getdents64(3, [pid 5817] <... mmap resumed>) = 0x7f3634699000 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./127/binderfs") = 0 [pid 5817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5017] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 5814] <... write resumed>) = 2097152 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5814] munmap(0x7f362c399000, 2097152 [pid 5017] getdents64(4, [pid 5817] <... write resumed>) = 1048576 [pid 5815] <... write resumed>) = 2097152 [pid 5814] <... munmap resumed>) = 0 [pid 5812] <... write resumed>) = 2097152 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x32\x37\x2f\x2e\x02") = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5815] munmap(0x7f362c399000, 2097152 [pid 5017] close(3 [pid 5817] munmap(0x7f3634699000, 1048576 [pid 5812] munmap(0x7f362c399000, 2097152 [pid 5017] <... close resumed>) = 0 [pid 5017] rmdir("./127" [pid 5817] <... munmap resumed>) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] <... rmdir resumed>) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5814] <... openat resumed>) = 7 [pid 5017] mkdir("./128", 0777 [pid 5817] <... openat resumed>) = 4 [pid 5815] <... munmap resumed>) = 0 [pid 5814] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... mkdir resumed>) = 0 [pid 5817] ioctl(4, LOOP_SET_FD, 3 [pid 5815] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5814] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5812] <... munmap resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5814] ioctl(7, LOOP_CLR_FD [pid 5017] <... openat resumed>) = 3 [pid 5814] <... ioctl resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5814] ioctl(7, LOOP_SET_FD, 6 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5815] <... openat resumed>) = 7 [pid 5814] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5812] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5817] <... ioctl resumed>) = 0 [pid 5815] ioctl(7, LOOP_SET_FD, 6 [pid 5814] close(7 [pid 5812] <... openat resumed>) = 6 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5818 [pid 5817] close(3 [pid 5815] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5814] <... close resumed>) = 0 [pid 5812] ioctl(6, LOOP_SET_FD, 5./strace-static-x86_64: Process 5818 attached [pid 5817] <... close resumed>) = 0 [pid 5815] ioctl(7, LOOP_CLR_FD [pid 5814] close(6 [pid 5812] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] set_robust_list(0x555557506760, 24 [pid 5817] mkdir("\x2e\x02", 0777 [pid 5815] <... ioctl resumed>) = 0 [pid 5812] ioctl(6, LOOP_CLR_FD [pid 5818] <... set_robust_list resumed>) = 0 [pid 5812] <... ioctl resumed>) = 0 [pid 5818] chdir("./128" [pid 5817] <... mkdir resumed>) = 0 [pid 5816] <... write resumed>) = 2097152 [pid 5818] <... chdir resumed>) = 0 [pid 5817] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5814] <... close resumed>) = 0 [pid 5818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5815] ioctl(7, LOOP_SET_FD, 6 [pid 5812] ioctl(6, LOOP_SET_FD, 5 [pid 5818] setpgid(0, 0 [pid 5815] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5812] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... setpgid resumed>) = 0 [pid 5816] munmap(0x7f362c399000, 2097152 [pid 5815] close(7 [pid 5812] close(6 [pid 5818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5816] <... munmap resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5814] exit_group(0 [pid 5818] write(3, "1000", 4 [pid 5814] <... exit_group resumed>) = ? [pid 5818] <... write resumed>) = 4 [pid 5815] <... close resumed>) = 0 [pid 5814] +++ exited with 0 +++ [pid 5812] <... close resumed>) = 0 [pid 5818] close(3 [pid 5815] close(6 [pid 5812] close(5 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5814, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5818] <... close resumed>) = 0 [pid 5818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] memfd_create("syzkaller", 0 [pid 5816] <... openat resumed>) = 7 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... memfd_create resumed>) = 3 [pid 5816] ioctl(7, LOOP_SET_FD, 6 [pid 5016] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5816] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... openat resumed>) = 3 [pid 5818] <... mmap resumed>) = 0x7f3634699000 [pid 5816] ioctl(7, LOOP_CLR_FD [pid 5016] newfstatat(3, "", [pid 5818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5816] <... ioctl resumed>) = 0 [pid 5812] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5815] <... close resumed>) = 0 [ 157.944023][ T5817] loop1: detected capacity change from 0 to 2048 [ 157.980155][ T5817] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5816] ioctl(7, LOOP_SET_FD, 6 [pid 5815] exit_group(0 [pid 5812] exit_group(0 [pid 5016] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5815] <... exit_group resumed>) = ? [pid 5812] <... exit_group resumed>) = ? [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5816] close(7 [pid 5016] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5816] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5816] close(6 [pid 5812] +++ exited with 0 +++ [pid 5016] unlink("./129/binderfs" [pid 5816] <... close resumed>) = 0 [pid 5815] +++ exited with 0 +++ [pid 5016] <... unlink resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5812, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5815, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5014] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5014] newfstatat(3, "", [pid 5817] <... mount resumed>) = 0 [pid 5019] newfstatat(3, "", [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... write resumed>) = 1048576 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, [pid 5019] getdents64(3, [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5817] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5817] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./129/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5817] chdir("\x2e\x02" [pid 5019] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5016] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] munmap(0x7f3634699000, 1048576 [pid 5817] <... chdir resumed>) = 0 [pid 5816] exit_group(0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./129/bus", [pid 5818] <... munmap resumed>) = 0 [pid 5817] ioctl(4, LOOP_CLR_FD [pid 5816] <... exit_group resumed>) = ? [pid 5019] unlink("./132/binderfs" [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5817] <... ioctl resumed>) = 0 [pid 5816] +++ exited with 0 +++ [pid 5019] <... unlink resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./129/bus" [pid 5818] <... openat resumed>) = 4 [pid 5817] close(4 [pid 5019] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [ 158.016760][ T5817] UDF-fs: Scanning with blocksize 512 failed [ 158.044951][ T5817] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5016] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5818] ioctl(4, LOOP_SET_FD, 3 [pid 5817] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5817] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5817] <... open resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 4 [pid 5014] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5817] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(4, "", [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5817] <... mount resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] unlink("./129/binderfs" [pid 5818] close(3 [pid 5817] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5016] getdents64(4, [pid 5014] <... unlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5817] <... open resumed>) = 5 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(3, "", [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] mkdir("\x2e\x02", 0777 [pid 5817] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 5817] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... openat resumed>) = 4 [pid 5018] getdents64(3, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5818] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5817] ftruncate(-1, 2 [pid 5019] newfstatat(4, "", [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] close(4 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5817] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5817] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5817] <... mmap resumed>) = 0x20000000 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5817] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] <... openat resumed>) = 4 [pid 5817] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] unlink("./131/binderfs" [pid 5016] getdents64(3, [pid 5014] newfstatat(4, "", [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5019] close(4 [pid 5018] <... unlink resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] <... close resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(3 [pid 5014] getdents64(4, [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5019] rmdir("\x2e\x2f\x31\x33\x32\x2f\x2e\x02" [pid 5016] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5019] <... rmdir resumed>) = 0 [pid 5016] rmdir("./129" [pid 5014] getdents64(4, [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] getdents64(3, [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] close(4 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5019] close(3 [pid 5014] <... close resumed>) = 0 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] <... close resumed>) = 0 [pid 5016] mkdir("./130", 0777 [pid 5014] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02" [pid 5019] rmdir("./132" [pid 5014] <... rmdir resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] getdents64(3, [pid 5019] mkdir("./133", 0777 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5014] close(3 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... umount2 resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] <... openat resumed>) = 3 [pid 5014] rmdir("./129" [pid 5817] memfd_create("syzkaller", 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] <... mkdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5817] <... memfd_create resumed>) = 6 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5014] mkdir("./130", 0777 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... openat resumed>) = 3 [pid 5014] <... mkdir resumed>) = 0 [pid 5817] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... openat resumed>) = 3 [pid 5817] exit_group(0 [pid 5018] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(3 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5817] <... exit_group resumed>) = ? [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5819 [ 158.087904][ T5818] loop3: detected capacity change from 0 to 2048 [ 158.116325][ T5818] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 158.130684][ T5818] UDF-fs: Scanning with blocksize 512 failed [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] close(3 [pid 5817] +++ exited with 0 +++ [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5817, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] newfstatat(4, "", [pid 5015] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5819 attached [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5820 [pid 5015] <... restart_syscall resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5821 ./strace-static-x86_64: Process 5820 attached [pid 5819] set_robust_list(0x555557506760, 24 [pid 5018] getdents64(4, [pid 5820] set_robust_list(0x555557506760, 24 [pid 5819] <... set_robust_list resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5821 attached [pid 5820] <... set_robust_list resumed>) = 0 [pid 5819] chdir("./133" [pid 5018] getdents64(4, [pid 5015] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5821] set_robust_list(0x555557506760, 24 [pid 5820] chdir("./130" [pid 5819] <... chdir resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... set_robust_list resumed>) = 0 [pid 5820] <... chdir resumed>) = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] close(4 [pid 5015] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] chdir("./130" [pid 5820] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... prctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5821] <... chdir resumed>) = 0 [pid 5820] <... prctl resumed>) = 0 [pid 5819] setpgid(0, 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x31\x2f\x2e\x02" [pid 5015] newfstatat(3, "", [pid 5821] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] setpgid(0, 0 [pid 5819] <... setpgid resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... prctl resumed>) = 0 [pid 5820] <... setpgid resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] getdents64(3, [pid 5015] getdents64(3, [pid 5821] setpgid(0, 0 [pid 5820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... openat resumed>) = 3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5821] <... setpgid resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] write(3, "1000", 4 [pid 5018] close(3 [pid 5015] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] write(3, "1000", 4 [pid 5819] <... write resumed>) = 4 [pid 5018] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5820] <... write resumed>) = 4 [pid 5819] close(3 [pid 5018] rmdir("./131" [pid 5015] newfstatat(AT_FDCWD, "./130/binderfs", [pid 5821] write(3, "1000", 4 [pid 5820] close(3 [pid 5819] <... close resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... write resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs" [pid 5018] mkdir("./132", 0777 [pid 5015] unlink("./130/binderfs" [pid 5821] close(3 [pid 5820] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... symlink resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] memfd_create("syzkaller", 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5821] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... symlink resumed>) = 0 [pid 5819] <... memfd_create resumed>) = 3 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] <... umount2 resumed>) = 0 [pid 5821] <... symlink resumed>) = 0 [pid 5820] memfd_create("syzkaller", 0 [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] <... mount resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5821] memfd_create("syzkaller", 0 [pid 5820] <... memfd_create resumed>) = 3 [pid 5819] <... mmap resumed>) = 0x7f3634699000 [pid 5818] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5821] <... memfd_create resumed>) = 3 [ 158.178053][ T5818] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5818] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... mmap resumed>) = 0x7f3634699000 [pid 5818] chdir("\x2e\x02" [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5821] <... mmap resumed>) = 0x7f3634699000 [pid 5818] <... chdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5818] ioctl(4, LOOP_CLR_FD [pid 5018] close(3 [pid 5015] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] <... ioctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(4 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5819] <... write resumed>) = 1048576 [pid 5818] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] newfstatat(4, "", [pid 5818] <... open resumed>) = 4 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5822 [pid 5015] getdents64(4, [pid 5818] <... mount resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5822 attached [pid 5820] <... write resumed>) = 1048576 [pid 5818] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] getdents64(4, [pid 5822] set_robust_list(0x555557506760, 24 [pid 5818] <... open resumed>) = 5 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5818] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] close(4 [pid 5822] chdir("./132" [pid 5818] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] <... close resumed>) = 0 [pid 5822] <... chdir resumed>) = 0 [pid 5818] ftruncate(-1, 2 [pid 5015] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] munmap(0x7f3634699000, 1048576 [pid 5818] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... rmdir resumed>) = 0 [pid 5822] <... prctl resumed>) = 0 [pid 5819] munmap(0x7f3634699000, 1048576 [pid 5818] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] getdents64(3, [pid 5822] setpgid(0, 0 [pid 5820] <... munmap resumed>) = 0 [pid 5819] <... munmap resumed>) = 0 [pid 5818] <... mmap resumed>) = 0x20000000 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5821] <... write resumed>) = 1048576 [pid 5819] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5818] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] close(3 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... close resumed>) = 0 [pid 5822] <... setpgid resumed>) = 0 [pid 5821] munmap(0x7f3634699000, 1048576 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] ioctl(4, LOOP_SET_FD, 3 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5015] rmdir("./130" [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... munmap resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] <... rmdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] ioctl(4, LOOP_SET_FD, 3 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5015] mkdir("./131", 0777 [pid 5822] write(3, "1000", 4 [pid 5821] <... openat resumed>) = 4 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] <... mkdir resumed>) = 0 [pid 5821] ioctl(4, LOOP_SET_FD, 3 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... write resumed>) = 4 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5015] <... openat resumed>) = 3 [pid 5822] close(3 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5822] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5822] symlink("/dev/binderfs", "./binderfs" [pid 5015] close(3 [pid 5822] <... symlink resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5822] memfd_create("syzkaller", 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] <... memfd_create resumed>) = 3 [pid 5820] <... ioctl resumed>) = 0 [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] close(3 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5823 [pid 5822] <... mmap resumed>) = 0x7f3634699000 [pid 5820] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3) = 0 ./strace-static-x86_64: Process 5823 attached [pid 5819] mkdir("\x2e\x02", 0777 [pid 5823] set_robust_list(0x555557506760, 24 [pid 5819] <... mkdir resumed>) = 0 [pid 5823] <... set_robust_list resumed>) = 0 [pid 5819] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5823] chdir("./131" [ 158.301856][ T5819] loop5: detected capacity change from 0 to 2048 [ 158.313873][ T5820] loop2: detected capacity change from 0 to 2048 [ 158.317323][ T5821] loop0: detected capacity change from 0 to 2048 [ 158.332725][ T5818] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5820] mkdir("\x2e\x02", 0777 [pid 5823] <... chdir resumed>) = 0 [pid 5822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5820] <... mkdir resumed>) = 0 [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5823] <... prctl resumed>) = 0 [pid 5823] setpgid(0, 0) = 0 [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... write resumed>) = 1048576 [pid 5823] <... openat resumed>) = 3 [pid 5823] write(3, "1000", 4) = 4 [pid 5823] close(3 [pid 5821] <... ioctl resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 5821] close(3 [pid 5823] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... close resumed>) = 0 [pid 5823] <... symlink resumed>) = 0 [pid 5821] mkdir("\x2e\x02", 0777 [pid 5823] memfd_create("syzkaller", 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5823] <... memfd_create resumed>) = 3 [pid 5821] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 158.367269][ T5818] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 158.383946][ T5819] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 158.392809][ T5820] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5822] munmap(0x7f3634699000, 1048576) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] <... write resumed>) = 1048576 [pid 5822] close(3 [pid 5823] munmap(0x7f3634699000, 1048576 [pid 5822] <... close resumed>) = 0 [pid 5823] <... munmap resumed>) = 0 [pid 5822] mkdir("\x2e\x02", 0777 [pid 5823] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5822] <... mkdir resumed>) = 0 [pid 5823] ioctl(4, LOOP_SET_FD, 3 [ 158.422206][ T5818] Buffer I/O error on dev loop0, logical block 0, async page read [ 158.425667][ T5820] UDF-fs: Scanning with blocksize 512 failed [ 158.431280][ T5819] UDF-fs: Scanning with blocksize 512 failed [ 158.445928][ T5820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.455036][ T5822] loop4: detected capacity change from 0 to 2048 [ 158.460609][ T5821] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5822] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5823] <... ioctl resumed>) = 0 [pid 5818] memfd_create("syzkaller", 0 [pid 5823] close(3) = 0 [pid 5818] <... memfd_create resumed>) = 6 [pid 5823] mkdir("\x2e\x02", 0777) = 0 [pid 5820] <... mount resumed>) = 0 [pid 5823] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5820] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... openat resumed>) = 3 [pid 5818] <... mmap resumed>) = 0x7f362c399000 [ 158.476977][ T5823] loop1: detected capacity change from 0 to 2048 [ 158.479042][ T5821] UDF-fs: Scanning with blocksize 512 failed [ 158.486704][ T5822] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 158.506482][ T5819] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.508724][ T5823] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5820] chdir("\x2e\x02") = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5819] <... mount resumed>) = 0 [pid 5818] munmap(0x7f362c399000, 138412032 [pid 5820] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5819] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5820] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5819] <... openat resumed>) = 3 [pid 5820] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5819] chdir("\x2e\x02" [pid 5820] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5820] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5819] <... chdir resumed>) = 0 [pid 5820] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5819] ioctl(4, LOOP_CLR_FD [pid 5820] <... open resumed>) = -1 EFAULT (Bad address) [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(4) = 0 [pid 5819] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5820] memfd_create("syzkaller", 0 [pid 5819] <... open resumed>) = 4 [pid 5818] <... munmap resumed>) = 0 [pid 5819] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5818] close(6 [pid 5819] <... mount resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5818] exit_group(0 [pid 5819] <... open resumed>) = 5 [pid 5818] <... exit_group resumed>) = ? [ 158.523182][ T5822] UDF-fs: Scanning with blocksize 512 failed [ 158.531271][ T5823] UDF-fs: Scanning with blocksize 512 failed [ 158.540139][ T5821] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 158.549887][ T5821] UDF-fs: Scanning with blocksize 1024 failed [pid 5819] openat(AT_FDCWD, NULL, O_RDWR [pid 5818] +++ exited with 0 +++ [pid 5820] <... memfd_create resumed>) = 6 [pid 5819] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] ftruncate(-1, 2 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5818, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5819] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5819] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5819] <... mmap resumed>) = 0x20000000 [pid 5819] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5017] umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5819] memfd_create("syzkaller", 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... memfd_create resumed>) = 6 [pid 5017] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... openat resumed>) = 3 [pid 5820] <... mmap resumed>) = 0x7f362c399000 [pid 5819] <... mmap resumed>) = 0x7f362c399000 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./128/binderfs") = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] <... mount resumed>) = 0 [pid 5822] <... mount resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5823] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5822] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] chdir("\x2e\x02" [ 158.569203][ T5822] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.579431][ T5823] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5822] chdir("\x2e\x02" [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", [pid 5823] <... chdir resumed>) = 0 [pid 5822] <... chdir resumed>) = 0 [pid 5820] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] ioctl(4, LOOP_CLR_FD [pid 5822] ioctl(4, LOOP_CLR_FD [pid 5017] getdents64(4, [pid 5823] <... ioctl resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5823] close(4 [pid 5822] close(4 [pid 5017] getdents64(4, [pid 5823] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5823] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5822] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] close(4) = 0 [pid 5823] <... open resumed>) = 4 [pid 5822] <... open resumed>) = 4 [pid 5017] rmdir("\x2e\x2f\x31\x32\x38\x2f\x2e\x02" [pid 5823] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5822] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... rmdir resumed>) = 0 [pid 5823] <... mount resumed>) = 0 [pid 5822] <... mount resumed>) = 0 [pid 5017] getdents64(3, [pid 5823] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5822] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5823] <... open resumed>) = 5 [pid 5822] <... open resumed>) = 5 [pid 5017] close(3 [pid 5823] openat(AT_FDCWD, NULL, O_RDWR [pid 5822] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... close resumed>) = 0 [pid 5823] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5822] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] rmdir("./128" [pid 5823] ftruncate(-1, 2 [pid 5822] ftruncate(-1, 2 [pid 5017] <... rmdir resumed>) = 0 [pid 5823] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5822] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5819] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] mkdir("./129", 0777 [pid 5823] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5822] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5823] <... mmap resumed>) = 0x20000000 [pid 5822] <... mmap resumed>) = 0x20000000 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5823] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5822] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... openat resumed>) = 3 [pid 5823] <... open resumed>) = -1 EFAULT (Bad address) [pid 5822] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3 [pid 5822] memfd_create("syzkaller", 0 [pid 5017] <... close resumed>) = 0 [pid 5823] memfd_create("syzkaller", 0 [pid 5822] <... memfd_create resumed>) = 6 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] <... memfd_create resumed>) = 6 [pid 5822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5824 [pid 5823] <... mmap resumed>) = 0x7f362c399000 ./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x555557506760, 24) = 0 [pid 5824] chdir("./129") = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 158.680854][ T5821] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3 [pid 5819] <... write resumed>) = 2097152 [pid 5824] <... close resumed>) = 0 [pid 5824] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... write resumed>) = 2097152 [pid 5824] <... symlink resumed>) = 0 [pid 5824] memfd_create("syzkaller", 0 [pid 5820] munmap(0x7f362c399000, 2097152 [pid 5824] <... memfd_create resumed>) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5820] <... munmap resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5820] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5820] ioctl(7, LOOP_CLR_FD) = 0 [pid 5820] ioctl(7, LOOP_SET_FD, 6 [pid 5819] munmap(0x7f362c399000, 2097152 [ 158.722385][ T5821] UDF-fs: Scanning with blocksize 2048 failed [pid 5822] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5820] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... munmap resumed>) = 0 [pid 5820] close(7) = 0 [pid 5820] close(6 [pid 5819] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5823] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5819] <... openat resumed>) = 7 [pid 5820] <... close resumed>) = 0 [pid 5819] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5819] ioctl(7, LOOP_CLR_FD) = 0 [pid 5824] <... write resumed>) = 1048576 [pid 5819] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5824] munmap(0x7f3634699000, 1048576 [pid 5819] close(7 [pid 5824] <... munmap resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] close(6 [pid 5824] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5820] exit_group(0 [pid 5824] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... exit_group resumed>) = ? [pid 5820] +++ exited with 0 +++ [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5820, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5016] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5016] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] <... write resumed>) = 2097152 [pid 5016] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5819] exit_group(0 [pid 5016] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5819] <... exit_group resumed>) = ? [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./130/binderfs" [pid 5819] +++ exited with 0 +++ [pid 5016] <... unlink resumed>) = 0 [ 158.819819][ T5821] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 158.838790][ T5824] loop3: detected capacity change from 0 to 2048 [pid 5824] <... ioctl resumed>) = 0 [pid 5823] <... write resumed>) = 2097152 [pid 5016] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5824] close(3 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5824] <... close resumed>) = 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5824] mkdir("\x2e\x02", 0777 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 [pid 5823] munmap(0x7f362c399000, 2097152 [pid 5824] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5823] <... munmap resumed>) = 0 [pid 5019] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] <... openat resumed>) = 7 [pid 5019] newfstatat(AT_FDCWD, "./133/binderfs", [pid 5823] ioctl(7, LOOP_SET_FD, 6 [pid 5822] munmap(0x7f362c399000, 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... munmap resumed>) = 0 [pid 5019] unlink("./133/binderfs" [pid 5823] ioctl(7, LOOP_CLR_FD [pid 5019] <... unlink resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] <... ioctl resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5821] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = 0 [pid 5821] ioctl(4, LOOP_CLR_FD [pid 5019] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5821] <... ioctl resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] ioctl(7, LOOP_SET_FD, 6 [pid 5821] close(4 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", [pid 5823] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] close(7 [pid 5822] <... openat resumed>) = 7 [pid 5821] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] <... close resumed>) = 0 [pid 5822] ioctl(7, LOOP_SET_FD, 6 [pid 5821] <... open resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] close(6 [pid 5822] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5822] ioctl(7, LOOP_CLR_FD [pid 5821] <... mount resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5822] <... ioctl resumed>) = 0 [pid 5821] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] newfstatat(4, "", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 158.878383][ T5821] UDF-fs: Scanning with blocksize 4096 failed [ 158.899202][ T5824] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5821] <... open resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] getdents64(4, [pid 5016] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] ioctl(7, LOOP_SET_FD, 6 [pid 5821] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5822] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] ftruncate(-1, 2 [pid 5019] getdents64(4, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] close(7 [pid 5821] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... close resumed>) = 0 [pid 5821] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] close(4 [pid 5822] close(6 [pid 5821] <... mmap resumed>) = 0x20000000 [pid 5019] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 4 [pid 5822] <... close resumed>) = 0 [pid 5821] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] rmdir("\x2e\x2f\x31\x33\x33\x2f\x2e\x02" [pid 5016] newfstatat(4, "", [pid 5821] <... open resumed>) = -1 EFAULT (Bad address) [pid 5823] <... close resumed>) = 0 [pid 5821] memfd_create("syzkaller", 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] exit_group(0 [pid 5821] <... memfd_create resumed>) = 5 [pid 5019] getdents64(3, [pid 5016] getdents64(4, [pid 5821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5823] <... exit_group resumed>) = ? [pid 5821] <... mmap resumed>) = 0x7f362c399000 [pid 5019] close(3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5823] +++ exited with 0 +++ [pid 5019] <... close resumed>) = 0 [pid 5016] getdents64(4, [pid 5019] rmdir("./133" [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5019] <... rmdir resumed>) = 0 [pid 5016] close(4 [pid 5019] mkdir("./134", 0777 [pid 5016] <... close resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5822] exit_group(0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5016] <... rmdir resumed>) = 0 [pid 5822] <... exit_group resumed>) = ? [pid 5019] <... openat resumed>) = 3 [pid 5016] getdents64(3, [pid 5015] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] +++ exited with 0 +++ [ 158.935745][ T5824] UDF-fs: Scanning with blocksize 512 failed [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5016] close(3 [pid 5015] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] close(3 [pid 5016] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5019] <... close resumed>) = 0 [pid 5016] rmdir("./130" [pid 5015] newfstatat(3, "", [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... rmdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] mkdir("./131", 0777 [pid 5015] getdents64(3, [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5825 [pid 5018] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... mkdir resumed>) = 0 [pid 5015] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5825 attached [pid 5018] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] set_robust_list(0x555557506760, 24 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... openat resumed>) = 3 [pid 5015] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5825] <... set_robust_list resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] chdir("./134" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] unlink("./131/binderfs" [pid 5825] <... chdir resumed>) = 0 [pid 5018] getdents64(3, [pid 5016] close(3 [pid 5015] <... unlink resumed>) = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... close resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] <... prctl resumed>) = 0 [pid 5018] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5825] setpgid(0, 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 [pid 5825] <... setpgid resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5015] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5826 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] <... openat resumed>) = 3 [pid 5018] unlink("./132/binderfs" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", [pid 5825] write(3, "1000", 4 [pid 5018] <... unlink resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] <... write resumed>) = 4 [pid 5018] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5826 attached [pid 5825] close(3 [pid 5826] set_robust_list(0x555557506760, 24 [pid 5825] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs" [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5826] chdir("./131" [pid 5015] <... openat resumed>) = 4 [pid 5826] <... chdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5826] <... prctl resumed>) = 0 [pid 5015] getdents64(4, [pid 5826] setpgid(0, 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5826] <... setpgid resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5015] getdents64(4, [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5825] <... symlink resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5826] <... openat resumed>) = 3 [pid 5825] memfd_create("syzkaller", 0 [pid 5824] <... mount resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(4 [pid 5826] write(3, "1000", 4 [pid 5825] <... memfd_create resumed>) = 3 [pid 5824] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5826] <... write resumed>) = 4 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5824] <... openat resumed>) = 3 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", [pid 5015] rmdir("\x2e\x2f\x31\x33\x31\x2f\x2e\x02" [pid 5826] close(3 [pid 5825] <... mmap resumed>) = 0x7f3634699000 [pid 5824] chdir("\x2e\x02" [pid 5821] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5826] <... close resumed>) = 0 [pid 5824] <... chdir resumed>) = 0 [pid 5015] getdents64(3, [pid 5826] symlink("/dev/binderfs", "./binderfs" [pid 5824] ioctl(4, LOOP_CLR_FD [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5826] <... symlink resumed>) = 0 [pid 5824] <... ioctl resumed>) = 0 [pid 5015] close(3 [pid 5826] memfd_create("syzkaller", 0 [pid 5824] close(4 [pid 5018] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [pid 5826] <... memfd_create resumed>) = 3 [pid 5824] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] rmdir("./131" [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 159.001321][ T5824] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5824] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... rmdir resumed>) = 0 [pid 5826] <... mmap resumed>) = 0x7f3634699000 [pid 5824] <... open resumed>) = 4 [pid 5018] <... openat resumed>) = 4 [pid 5015] mkdir("./132", 0777 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5824] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] newfstatat(4, "", [pid 5015] <... mkdir resumed>) = 0 [pid 5826] <... write resumed>) = 1048576 [pid 5824] <... mount resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5824] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] <... openat resumed>) = 3 [pid 5824] <... open resumed>) = 5 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5824] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5824] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] close(3 [pid 5824] ftruncate(-1, 2 [pid 5018] getdents64(4, [pid 5015] <... close resumed>) = 0 [pid 5824] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] getdents64(4, [pid 5825] <... write resumed>) = 1048576 [pid 5824] <... mmap resumed>) = 0x20000000 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5827 [pid 5825] munmap(0x7f3634699000, 1048576 [pid 5824] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] close(4 [pid 5824] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... close resumed>) = 0 [pid 5824] memfd_create("syzkaller", 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x32\x2f\x2e\x02"./strace-static-x86_64: Process 5827 attached [pid 5825] <... munmap resumed>) = 0 [pid 5824] <... memfd_create resumed>) = 6 [pid 5018] <... rmdir resumed>) = 0 [pid 5827] set_robust_list(0x555557506760, 24 [pid 5825] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] getdents64(3, [pid 5827] <... set_robust_list resumed>) = 0 [pid 5825] <... openat resumed>) = 4 [pid 5824] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5827] chdir("./132" [pid 5825] ioctl(4, LOOP_SET_FD, 3 [pid 5018] close(3 [pid 5827] <... chdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] rmdir("./132" [pid 5827] <... openat resumed>) = 3 [pid 5827] write(3, "1000", 4 [pid 5018] <... rmdir resumed>) = 0 [pid 5827] <... write resumed>) = 4 [pid 5825] <... ioctl resumed>) = 0 [pid 5821] <... write resumed>) = 2097152 [pid 5018] mkdir("./133", 0777 [pid 5827] close(3 [pid 5826] munmap(0x7f3634699000, 1048576 [pid 5825] close(3 [pid 5821] munmap(0x7f362c399000, 2097152 [pid 5827] <... close resumed>) = 0 [pid 5826] <... munmap resumed>) = 0 [pid 5825] <... close resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5827] symlink("/dev/binderfs", "./binderfs" [pid 5826] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5825] mkdir("\x2e\x02", 0777 [pid 5827] <... symlink resumed>) = 0 [pid 5826] <... openat resumed>) = 4 [pid 5821] <... munmap resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5827] memfd_create("syzkaller", 0 [pid 5826] ioctl(4, LOOP_SET_FD, 3 [pid 5825] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5827] <... memfd_create resumed>) = 3 [pid 5825] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5821] <... openat resumed>) = 6 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5821] ioctl(6, LOOP_SET_FD, 5 [pid 5018] close(3 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5821] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... close resumed>) = 0 [pid 5821] ioctl(6, LOOP_CLR_FD [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] <... ioctl resumed>) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("\x2e\x02", 0777) = 0 [ 159.106335][ T5825] loop5: detected capacity change from 0 to 2048 [ 159.127693][ T5826] loop2: detected capacity change from 0 to 2048 [ 159.144546][ T5825] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5826] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5821] <... ioctl resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5828 [pid 5824] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5821] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5821] close(6) = 0 [pid 5821] close(5./strace-static-x86_64: Process 5828 attached [pid 5828] set_robust_list(0x555557506760, 24) = 0 [pid 5827] <... write resumed>) = 1048576 [pid 5828] chdir("./133") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0 [pid 5827] munmap(0x7f3634699000, 1048576 [pid 5828] <... setpgid resumed>) = 0 [pid 5827] <... munmap resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5827] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] exit_group(0 [pid 5828] write(3, "1000", 4 [pid 5827] <... openat resumed>) = 4 [pid 5821] <... exit_group resumed>) = ? [pid 5828] <... write resumed>) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3 [pid 5828] close(3) = 0 [pid 5821] +++ exited with 0 +++ [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5821, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] memfd_create("syzkaller", 0) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5824] <... write resumed>) = 2097152 [ 159.152254][ T5825] UDF-fs: Scanning with blocksize 512 failed [ 159.175418][ T5826] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 159.194270][ T5827] loop1: detected capacity change from 0 to 2048 [pid 5014] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5014] umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5828] <... write resumed>) = 1048576 [pid 5827] <... ioctl resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5827] close(3 [pid 5014] umount2("./130/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5827] mkdir("\x2e\x02", 0777 [pid 5014] newfstatat(AT_FDCWD, "./130/bus", [pid 5827] <... mkdir resumed>) = 0 [pid 5827] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] munmap(0x7f362c399000, 2097152 [pid 5014] unlink("./130/bus") = 0 [ 159.214966][ T5825] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.216572][ T5826] UDF-fs: Scanning with blocksize 512 failed [pid 5014] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] <... mount resumed>) = 0 [pid 5824] <... munmap resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./130/binderfs" [pid 5828] munmap(0x7f3634699000, 1048576 [pid 5824] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] <... unlink resumed>) = 0 [pid 5824] <... openat resumed>) = 7 [pid 5014] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5824] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] <... openat resumed>) = 3 [pid 5824] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5825] chdir("\x2e\x02" [pid 5824] ioctl(7, LOOP_CLR_FD [pid 5825] <... chdir resumed>) = 0 [pid 5824] <... ioctl resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... munmap resumed>) = 0 [pid 5825] ioctl(4, LOOP_CLR_FD [pid 5828] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3 [pid 5825] <... ioctl resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] close(4 [pid 5824] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] <... close resumed>) = 0 [pid 5824] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5825] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5824] close(7) = 0 [pid 5014] <... openat resumed>) = 4 [pid 5825] <... open resumed>) = 4 [pid 5824] close(6 [pid 5014] newfstatat(4, "", [ 159.257993][ T5827] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 159.281776][ T5828] loop4: detected capacity change from 0 to 2048 [pid 5825] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] <... mount resumed>) = 0 [pid 5825] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5014] getdents64(4, [pid 5825] <... open resumed>) = 5 [pid 5825] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5825] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5824] <... close resumed>) = 0 [pid 5014] getdents64(4, [pid 5825] ftruncate(-1, 2 [pid 5824] exit_group(0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5825] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5824] <... exit_group resumed>) = ? [pid 5014] close(4 [pid 5825] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... close resumed>) = 0 [pid 5825] <... mmap resumed>) = 0x20000000 [pid 5014] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5825] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5824] +++ exited with 0 +++ [pid 5828] <... ioctl resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5824, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5828] close(3 [pid 5825] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... rmdir resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5825] memfd_create("syzkaller", 0 [pid 5828] mkdir("\x2e\x02", 0777 [pid 5825] <... memfd_create resumed>) = 6 [pid 5014] getdents64(3, [pid 5828] <... mkdir resumed>) = 0 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5825] <... mmap resumed>) = 0x7f362c399000 [pid 5017] umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] close(3 [pid 5017] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5014] rmdir("./130" [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, [pid 5014] <... rmdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 159.308309][ T5827] UDF-fs: Scanning with blocksize 512 failed [ 159.329207][ T5826] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] mkdir("./131", 0777 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./129/binderfs", [pid 5014] <... mkdir resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5017] unlink("./129/binderfs") = 0 [pid 5014] <... openat resumed>) = 3 [pid 5017] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5829 ./strace-static-x86_64: Process 5829 attached [pid 5826] <... mount resumed>) = 0 [pid 5829] set_robust_list(0x555557506760, 24) = 0 [pid 5829] chdir("./131") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5826] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] <... prctl resumed>) = 0 [pid 5829] setpgid(0, 0 [pid 5826] chdir("\x2e\x02" [pid 5829] <... setpgid resumed>) = 0 [pid 5826] <... chdir resumed>) = 0 [pid 5826] ioctl(4, LOOP_CLR_FD [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5826] <... ioctl resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5826] close(4 [pid 5829] write(3, "1000", 4 [pid 5826] <... close resumed>) = 0 [pid 5829] <... write resumed>) = 4 [pid 5826] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5829] close(3 [pid 5826] <... open resumed>) = 4 [pid 5826] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5829] <... close resumed>) = 0 [pid 5826] <... mount resumed>) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs" [pid 5826] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5829] <... symlink resumed>) = 0 [pid 5826] <... open resumed>) = 5 [pid 5017] <... umount2 resumed>) = 0 [pid 5829] memfd_create("syzkaller", 0 [pid 5827] <... mount resumed>) = 0 [pid 5826] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5829] <... memfd_create resumed>) = 3 [pid 5827] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5826] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5827] <... openat resumed>) = 3 [pid 5826] ftruncate(-1, 2 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", [pid 5829] <... mmap resumed>) = 0x7f3634699000 [pid 5827] chdir("\x2e\x02" [pid 5826] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] <... chdir resumed>) = 0 [pid 5826] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] umount2("\x2e\x2f\x31\x32\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] ioctl(4, LOOP_CLR_FD [pid 5826] <... mmap resumed>) = 0x20000000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5827] <... ioctl resumed>) = 0 [pid 5826] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5827] close(4 [pid 5826] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... openat resumed>) = 4 [pid 5827] <... close resumed>) = 0 [pid 5826] memfd_create("syzkaller", 0 [pid 5017] newfstatat(4, "", [pid 5827] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5826] <... memfd_create resumed>) = 6 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] <... open resumed>) = 4 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] getdents64(4, [ 159.357431][ T5828] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 159.371642][ T5827] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 159.384014][ T5828] UDF-fs: Scanning with blocksize 512 failed [pid 5827] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5826] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5827] <... mount resumed>) = 0 [pid 5825] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] getdents64(4, [pid 5827] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5827] <... open resumed>) = 5 [pid 5017] close(4 [pid 5827] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... close resumed>) = 0 [pid 5827] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] rmdir("\x2e\x2f\x31\x32\x39\x2f\x2e\x02" [pid 5827] ftruncate(-1, 2 [pid 5017] <... rmdir resumed>) = 0 [pid 5827] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] getdents64(3, [pid 5827] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5827] <... mmap resumed>) = 0x20000000 [pid 5017] close(3 [pid 5827] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... close resumed>) = 0 [pid 5827] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] rmdir("./129" [pid 5827] memfd_create("syzkaller", 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5827] <... memfd_create resumed>) = 6 [pid 5017] mkdir("./130", 0777 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5827] <... mmap resumed>) = 0x7f362c399000 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... write resumed>) = 1048576 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5829] munmap(0x7f3634699000, 1048576 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5830 [pid 5829] <... munmap resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5830 attached ) = -1 EBUSY (Device or resource busy) [pid 5830] set_robust_list(0x555557506760, 24 [pid 5829] ioctl(4, LOOP_CLR_FD [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... ioctl resumed>) = 0 [pid 5830] chdir("./130") = 0 [ 159.447013][ T5828] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... mount resumed>) = 0 [pid 5826] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5830] <... prctl resumed>) = 0 [pid 5829] ioctl(4, LOOP_SET_FD, 3 [pid 5828] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5830] setpgid(0, 0 [pid 5829] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] <... openat resumed>) = 3 [pid 5830] <... setpgid resumed>) = 0 [pid 5829] close(4 [pid 5828] chdir("\x2e\x02" [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] <... close resumed>) = 0 [pid 5828] <... chdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] close(3 [pid 5830] write(3, "1000", 4 [pid 5828] ioctl(4, LOOP_CLR_FD [pid 5827] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5825] <... write resumed>) = 2097152 [pid 5830] <... write resumed>) = 4 [pid 5829] <... close resumed>) = 0 [pid 5828] <... ioctl resumed>) = 0 [pid 5825] munmap(0x7f362c399000, 2097152 [pid 5830] close(3 [pid 5829] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5828] close(4 [pid 5830] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs" [pid 5828] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5830] <... symlink resumed>) = 0 [pid 5829] <... open resumed>) = 3 [pid 5828] <... open resumed>) = 4 [pid 5825] <... munmap resumed>) = 0 [pid 5830] memfd_create("syzkaller", 0 [pid 5829] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5828] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5825] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5830] <... memfd_create resumed>) = 3 [pid 5829] <... mount resumed>) = 0 [pid 5828] <... mount resumed>) = 0 [pid 5825] <... openat resumed>) = 7 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5828] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5825] ioctl(7, LOOP_SET_FD, 6 [pid 5830] <... mmap resumed>) = 0x7f3634699000 [pid 5829] <... open resumed>) = 4 [pid 5828] <... open resumed>) = 5 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5829] openat(AT_FDCWD, NULL, O_RDWR [pid 5828] openat(AT_FDCWD, NULL, O_RDWR [pid 5825] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5828] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5825] ioctl(7, LOOP_CLR_FD [pid 5829] ftruncate(-1, 2 [pid 5828] ftruncate(-1, 2 [pid 5825] <... ioctl resumed>) = 0 [pid 5829] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5828] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5829] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5828] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5829] <... mmap resumed>) = 0x20000000 [pid 5828] <... mmap resumed>) = 0x20000000 [pid 5829] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5828] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5825] ioctl(7, LOOP_SET_FD, 6 [pid 5829] <... open resumed>) = -1 EFAULT (Bad address) [pid 5828] <... open resumed>) = -1 EFAULT (Bad address) [pid 5825] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] memfd_create("syzkaller", 0 [pid 5828] memfd_create("syzkaller", 0 [pid 5825] close(7 [pid 5829] <... memfd_create resumed>) = 5 [pid 5828] <... memfd_create resumed>) = 6 [pid 5825] <... close resumed>) = 0 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5825] close(6 [pid 5829] <... mmap resumed>) = 0x7f362c399000 [pid 5828] <... mmap resumed>) = 0x7f362c399000 [pid 5825] <... close resumed>) = 0 [pid 5830] <... write resumed>) = 1048576 [pid 5830] munmap(0x7f3634699000, 1048576) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5830] <... openat resumed>) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] <... write resumed>) = 2097152 [pid 5825] exit_group(0 [pid 5826] munmap(0x7f362c399000, 2097152 [pid 5825] <... exit_group resumed>) = ? [pid 5825] +++ exited with 0 +++ [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5019] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5019] newfstatat(3, "", [pid 5827] <... write resumed>) = 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5830] close(3 [pid 5019] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5830] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] mkdir("\x2e\x02", 0777 [pid 5019] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5830] <... mkdir resumed>) = 0 [pid 5827] munmap(0x7f362c399000, 2097152 [pid 5826] <... munmap resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5827] <... munmap resumed>) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] unlink("./134/binderfs" [pid 5826] <... openat resumed>) = 7 [pid 5019] <... unlink resumed>) = 0 [ 159.634830][ T5830] loop3: detected capacity change from 0 to 2048 [pid 5826] ioctl(7, LOOP_SET_FD, 6 [pid 5019] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5829] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5826] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5826] ioctl(7, LOOP_CLR_FD [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5827] <... openat resumed>) = 7 [pid 5826] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] ioctl(7, LOOP_SET_FD, 6 [pid 5019] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5827] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5827] ioctl(7, LOOP_CLR_FD [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5827] <... ioctl resumed>) = 0 [pid 5826] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... openat resumed>) = 4 [pid 5826] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] newfstatat(4, "", [pid 5826] close(7 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] ioctl(7, LOOP_SET_FD, 6 [pid 5826] <... close resumed>) = 0 [pid 5019] getdents64(4, [pid 5827] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5827] close(7 [pid 5826] close(6 [pid 5019] getdents64(4, [pid 5827] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5827] close(6 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, [pid 5828] <... write resumed>) = 2097152 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5828] munmap(0x7f362c399000, 2097152 [pid 5019] close(3) = 0 [pid 5019] rmdir("./134") = 0 [ 159.693254][ T5830] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5019] mkdir("./135", 0777 [pid 5829] <... write resumed>) = 2097152 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5831 [pid 5826] <... close resumed>) = 0 [pid 5826] exit_group(0) = ? [pid 5827] <... close resumed>) = 0 ./strace-static-x86_64: Process 5831 attached [pid 5827] exit_group(0 [pid 5831] set_robust_list(0x555557506760, 24 [pid 5827] <... exit_group resumed>) = ? [pid 5831] <... set_robust_list resumed>) = 0 [pid 5827] +++ exited with 0 +++ [pid 5831] chdir("./135" [pid 5828] <... munmap resumed>) = 0 [pid 5826] +++ exited with 0 +++ [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5827, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5831] <... chdir resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... openat resumed>) = 7 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=9 /* 0.09 s */} --- [pid 5831] <... prctl resumed>) = 0 [pid 5828] ioctl(7, LOOP_SET_FD, 6 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5015] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] setpgid(0, 0 [pid 5829] munmap(0x7f362c399000, 2097152 [pid 5828] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... restart_syscall resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... setpgid resumed>) = 0 [pid 5828] ioctl(7, LOOP_CLR_FD [pid 5015] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... ioctl resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5831] <... openat resumed>) = 3 [pid 5016] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(3, "", [pid 5831] write(3, "1000", 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... write resumed>) = 4 [pid 5829] <... munmap resumed>) = 0 [pid 5828] ioctl(7, LOOP_SET_FD, 6 [pid 5016] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] getdents64(3, [pid 5831] close(3 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5828] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 159.752969][ T5830] UDF-fs: Scanning with blocksize 512 failed [pid 5016] <... openat resumed>) = 3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 6 [pid 5828] close(7 [pid 5016] newfstatat(3, "", [pid 5015] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] symlink("/dev/binderfs", "./binderfs" [pid 5829] ioctl(6, LOOP_SET_FD, 5 [pid 5828] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... symlink resumed>) = 0 [pid 5829] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5828] close(6 [pid 5016] getdents64(3, [pid 5015] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5831] memfd_create("syzkaller", 0 [pid 5829] ioctl(6, LOOP_CLR_FD [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... memfd_create resumed>) = 3 [pid 5015] unlink("./132/binderfs" [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... unlink resumed>) = 0 [pid 5831] <... mmap resumed>) = 0x7f3634699000 [pid 5015] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5829] <... ioctl resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5831] <... write resumed>) = 1048576 [pid 5016] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] ioctl(6, LOOP_SET_FD, 5 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] unlink("./131/binderfs" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", [pid 5829] close(6) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] close(5 [pid 5016] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] newfstatat(4, "", [pid 5828] exit_group(0) = ? [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, [pid 5830] <... mount resumed>) = 0 [pid 5828] +++ exited with 0 +++ [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5830] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 159.801942][ T5830] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] close(4 [pid 5830] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5830] chdir("\x2e\x02" [pid 5831] munmap(0x7f3634699000, 1048576 [pid 5830] <... chdir resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x33\x32\x2f\x2e\x02" [pid 5831] <... munmap resumed>) = 0 [pid 5830] ioctl(4, LOOP_CLR_FD [pid 5018] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5830] <... ioctl resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5830] close(4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5829] exit_group(0 [pid 5018] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5830] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5829] <... exit_group resumed>) = ? [pid 5018] <... openat resumed>) = 3 [pid 5016] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(3 [pid 5831] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... open resumed>) = 4 [pid 5018] newfstatat(3, "", [pid 5830] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5830] <... mount resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", [pid 5015] rmdir("./132" [pid 5830] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] getdents64(3, [pid 5830] <... open resumed>) = 5 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5830] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] mkdir("./133", 0777 [pid 5830] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5829] +++ exited with 0 +++ [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5830] ftruncate(-1, 2 [pid 5018] newfstatat(AT_FDCWD, "./133/binderfs", [pid 5015] <... mkdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5830] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5018] unlink("./133/binderfs" [pid 5016] <... openat resumed>) = 4 [pid 5015] <... openat resumed>) = 3 [pid 5830] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5018] <... unlink resumed>) = 0 [pid 5016] newfstatat(4, "", [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5830] memfd_create("syzkaller", 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] <... memfd_create resumed>) = 6 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] getdents64(4, [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5830] <... mmap resumed>) = 0x7f362c399000 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] close(3 [pid 5018] <... umount2 resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] getdents64(4, [pid 5018] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] close(4 [pid 5014] <... openat resumed>) = 3 [pid 5831] <... ioctl resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", [pid 5016] <... close resumed>) = 0 [pid 5014] newfstatat(3, "", [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x33\x31\x2f\x2e\x02" [pid 5018] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5832 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] getdents64(3, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] getdents64(3, [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... openat resumed>) = 4 [pid 5016] close(3 [pid 5018] newfstatat(4, "", [pid 5014] umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... close resumed>) = 0 [pid 5831] mkdir("\x2e\x02", 0777 [pid 5018] getdents64(4, [pid 5016] rmdir("./131" [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, [pid 5016] <... rmdir resumed>) = 0 [pid 5831] <... mkdir resumed>) = 0 [ 159.879347][ T5831] loop5: detected capacity change from 0 to 2048 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] mkdir("./132", 0777 [pid 5831] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] close(4 [pid 5016] <... mkdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5832 attached [pid 5018] rmdir("\x2e\x2f\x31\x33\x33\x2f\x2e\x02" [pid 5016] <... openat resumed>) = 3 [pid 5018] <... rmdir resumed>) = 0 [pid 5832] set_robust_list(0x555557506760, 24 [pid 5018] getdents64(3, [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5832] <... set_robust_list resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] chdir("./133" [pid 5018] <... close resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5018] rmdir("./133" [pid 5016] close(3 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... rmdir resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5832] <... prctl resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] mkdir("./134", 0777 [pid 5014] <... umount2 resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5833 [pid 5014] umount2("./131/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 3 [pid 5014] newfstatat(AT_FDCWD, "./131/bus", [pid 5832] setpgid(0, 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5832] <... setpgid resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] close(3 [pid 5014] unlink("./131/bus" [pid 5018] <... close resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... unlink resumed>) = 0 [pid 5830] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5832] write(3, "1000", 4 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5834 [pid 5014] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5832] <... write resumed>) = 4 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5833 attached [pid 5832] close(3 [pid 5014] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5833] set_robust_list(0x555557506760, 24 [pid 5832] <... close resumed>) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs" [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5833] chdir("./132" [pid 5832] <... symlink resumed>) = 0 [pid 5014] unlink("./131/binderfs" [pid 5833] <... chdir resumed>) = 0 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5014] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] getdents64(3, [pid 5834] set_robust_list(0x555557506760, 24 [pid 5833] <... prctl resumed>) = 0 [pid 5832] <... mmap resumed>) = 0x7f3634699000 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5833] setpgid(0, 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5834] chdir("./134") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... setpgid resumed>) = 0 [pid 5014] close(3 [pid 5834] <... openat resumed>) = 3 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] write(3, "1000", 4 [pid 5833] <... openat resumed>) = 3 [pid 5014] <... close resumed>) = 0 [pid 5834] <... write resumed>) = 4 [pid 5833] write(3, "1000", 4 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] rmdir("./131" [pid 5834] close(3 [pid 5833] <... write resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5014] <... rmdir resumed>) = 0 [pid 5833] close(3 [pid 5834] <... symlink resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5014] mkdir("./132", 0777 [pid 5834] memfd_create("syzkaller", 0 [pid 5833] symlink("/dev/binderfs", "./binderfs" [pid 5834] <... memfd_create resumed>) = 3 [pid 5014] <... mkdir resumed>) = 0 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... symlink resumed>) = 0 [pid 5832] <... write resumed>) = 1048576 [pid 5830] <... write resumed>) = 2097152 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... mmap resumed>) = 0x7f3634699000 [ 159.969201][ T5831] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5833] memfd_create("syzkaller", 0 [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5833] <... memfd_create resumed>) = 3 [pid 5014] <... openat resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5833] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... ioctl resumed>) = 0 [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5835 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5832] munmap(0x7f3634699000, 1048576./strace-static-x86_64: Process 5835 attached ) = 0 [pid 5835] set_robust_list(0x555557506760, 24) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] munmap(0x7f362c399000, 2097152 [ 160.022149][ T5831] UDF-fs: Scanning with blocksize 512 failed [pid 5835] chdir("./132" [pid 5832] <... openat resumed>) = 4 [pid 5830] <... munmap resumed>) = 0 [pid 5835] <... chdir resumed>) = 0 [pid 5834] <... write resumed>) = 1048576 [pid 5833] <... write resumed>) = 1048576 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] munmap(0x7f3634699000, 1048576 [pid 5833] munmap(0x7f3634699000, 1048576 [pid 5835] <... prctl resumed>) = 0 [pid 5834] <... munmap resumed>) = 0 [pid 5833] <... munmap resumed>) = 0 [pid 5835] setpgid(0, 0 [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5835] <... setpgid resumed>) = 0 [pid 5834] <... openat resumed>) = 4 [pid 5833] <... openat resumed>) = 4 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] ioctl(4, LOOP_SET_FD, 3 [pid 5833] ioctl(4, LOOP_SET_FD, 3 [pid 5835] <... openat resumed>) = 3 [pid 5832] ioctl(4, LOOP_SET_FD, 3 [pid 5831] <... mount resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5835] write(3, "1000", 4 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5830] <... openat resumed>) = 7 [pid 5832] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5830] ioctl(7, LOOP_SET_FD, 6 [pid 5832] <... close resumed>) = 0 [pid 5831] chdir("\x2e\x02" [pid 5830] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5835] <... write resumed>) = 4 [pid 5834] <... ioctl resumed>) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5830] ioctl(7, LOOP_CLR_FD [pid 5835] close(3 [pid 5834] close(3 [pid 5833] close(3 [pid 5830] <... ioctl resumed>) = 0 [pid 5832] mkdir("\x2e\x02", 0777 [pid 5835] <... close resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5833] <... close resumed>) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs" [pid 5834] mkdir("\x2e\x02", 0777 [pid 5833] mkdir("\x2e\x02", 0777 [pid 5835] <... symlink resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5831] <... chdir resumed>) = 0 [pid 5835] memfd_create("syzkaller", 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5833] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5832] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5830] ioctl(7, LOOP_SET_FD, 6 [pid 5831] ioctl(4, LOOP_CLR_FD [pid 5835] <... memfd_create resumed>) = 3 [pid 5831] <... ioctl resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5831] close(4 [pid 5830] close(7 [pid 5831] <... close resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5831] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5830] close(6) = 0 [ 160.062489][ T5831] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.070404][ T5833] loop2: detected capacity change from 0 to 2048 [ 160.074185][ T5832] loop1: detected capacity change from 0 to 2048 [ 160.078117][ T5834] loop4: detected capacity change from 0 to 2048 [ 160.100615][ T5833] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5834] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5831] <... open resumed>) = 4 [pid 5831] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5831] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5831] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5831] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5831] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5831] <... mmap resumed>) = 0x20000000 [pid 5831] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5830] exit_group(0 [pid 5831] <... open resumed>) = -1 EFAULT (Bad address) [pid 5830] <... exit_group resumed>) = ? [pid 5831] memfd_create("syzkaller", 0 [pid 5830] +++ exited with 0 +++ [pid 5831] <... memfd_create resumed>) = 6 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5831] <... mmap resumed>) = 0x7f362c399000 [ 160.115430][ T5832] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 160.123115][ T5832] UDF-fs: Scanning with blocksize 512 failed [ 160.124479][ T5833] UDF-fs: Scanning with blocksize 512 failed [ 160.145906][ T5834] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5017] umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5835] <... write resumed>) = 1048576 [pid 5017] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./130/binderfs") = 0 [ 160.161444][ T5834] UDF-fs: Scanning with blocksize 512 failed [pid 5017] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5835] munmap(0x7f3634699000, 1048576 [pid 5017] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", [pid 5835] <... munmap resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x33\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5835] <... openat resumed>) = 4 [pid 5831] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5835] ioctl(4, LOOP_SET_FD, 3 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5835] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 4 [pid 5835] ioctl(4, LOOP_CLR_FD [pid 5017] newfstatat(4, "", [pid 5835] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5835] ioctl(4, LOOP_SET_FD, 3 [pid 5017] getdents64(4, [pid 5835] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5835] close(4 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5835] <... close resumed>) = 0 [ 160.203071][ T5832] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.218166][ T5834] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] close(4 [pid 5835] close(3 [pid 5834] <... mount resumed>) = 0 [pid 5832] <... mount resumed>) = 0 [pid 5831] <... write resumed>) = 2097152 [pid 5017] <... close resumed>) = 0 [pid 5835] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5832] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5831] munmap(0x7f362c399000, 2097152 [pid 5017] rmdir("\x2e\x2f\x31\x33\x30\x2f\x2e\x02" [pid 5835] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5834] <... openat resumed>) = 3 [pid 5833] <... mount resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5834] chdir("\x2e\x02" [pid 5833] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5832] chdir("\x2e\x02" [pid 5831] <... munmap resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5835] <... open resumed>) = 3 [pid 5834] <... chdir resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] getdents64(3, [pid 5835] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5834] ioctl(4, LOOP_CLR_FD [pid 5832] ioctl(4, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 7 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5835] <... mount resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5831] ioctl(7, LOOP_SET_FD, 6 [pid 5017] close(3 [pid 5835] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5834] close(4 [pid 5832] close(4 [pid 5831] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... close resumed>) = 0 [pid 5835] <... open resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5831] ioctl(7, LOOP_CLR_FD [pid 5017] rmdir("./130" [pid 5835] openat(AT_FDCWD, NULL, O_RDWR [pid 5834] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5832] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5831] <... ioctl resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5835] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5834] <... open resumed>) = 4 [pid 5832] <... open resumed>) = 4 [pid 5017] mkdir("./131", 0777 [pid 5835] ftruncate(-1, 2 [pid 5834] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5832] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... mkdir resumed>) = 0 [pid 5835] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5834] <... mount resumed>) = 0 [pid 5832] <... mount resumed>) = 0 [pid 5831] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5835] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5834] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5832] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5831] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 3 [pid 5835] <... mmap resumed>) = 0x20000000 [pid 5834] <... open resumed>) = 5 [pid 5833] chdir("\x2e\x02" [pid 5832] <... open resumed>) = 5 [pid 5831] close(7 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5835] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5834] openat(AT_FDCWD, NULL, O_RDWR [pid 5833] <... chdir resumed>) = 0 [pid 5832] openat(AT_FDCWD, NULL, O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5835] <... open resumed>) = -1 EFAULT (Bad address) [pid 5834] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5833] ioctl(4, LOOP_CLR_FD [pid 5832] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5831] close(6 [pid 5017] close(3 [pid 5835] memfd_create("syzkaller", 0 [pid 5834] ftruncate(-1, 2 [pid 5833] <... ioctl resumed>) = 0 [pid 5832] ftruncate(-1, 2 [pid 5831] <... close resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5835] <... memfd_create resumed>) = 5 [pid 5834] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5833] close(4 [pid 5832] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5833] <... close resumed>) = 0 [pid 5832] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5835] <... mmap resumed>) = 0x7f362c399000 [ 160.250906][ T5833] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5834] <... mmap resumed>) = 0x20000000 [pid 5833] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5832] <... mmap resumed>) = 0x20000000 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5836 [pid 5834] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5832] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5831] exit_group(0 [pid 5834] <... open resumed>) = -1 EFAULT (Bad address) [pid 5833] <... open resumed>) = 4 [pid 5832] memfd_create("syzkaller", 0 [pid 5831] <... exit_group resumed>) = ? [pid 5834] memfd_create("syzkaller", 0 [pid 5833] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5832] <... memfd_create resumed>) = 6 [pid 5834] <... memfd_create resumed>) = 6 [pid 5833] <... mount resumed>) = 0 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] +++ exited with 0 +++ ./strace-static-x86_64: Process 5836 attached [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5832] <... mmap resumed>) = 0x7f362c399000 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5836] set_robust_list(0x555557506760, 24 [pid 5834] <... mmap resumed>) = 0x7f362c399000 [pid 5833] <... open resumed>) = 5 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5836] chdir("./131") = 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5833] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... restart_syscall resumed>) = 0 [pid 5833] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5833] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5833] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5833] <... mmap resumed>) = 0x20000000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] <... open resumed>) = -1 EFAULT (Bad address) [pid 5832] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5019] getdents64(3, [pid 5836] <... write resumed>) = 1048576 [pid 5833] <... memfd_create resumed>) = 6 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5833] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./135/binderfs", [pid 5835] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./135/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5836] munmap(0x7f3634699000, 1048576) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3 [pid 5835] <... write resumed>) = 2097152 [pid 5836] <... ioctl resumed>) = 0 [pid 5836] close(3) = 0 [pid 5836] mkdir("\x2e\x02", 0777 [pid 5019] <... umount2 resumed>) = 0 [pid 5836] <... mkdir resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5836] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, [pid 5835] munmap(0x7f362c399000, 2097152 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5832] <... write resumed>) = 2097152 [pid 5019] close(4) = 0 [pid 5835] <... munmap resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x33\x35\x2f\x2e\x02" [ 160.401442][ T5836] loop3: detected capacity change from 0 to 2048 [pid 5832] munmap(0x7f362c399000, 2097152 [pid 5019] <... rmdir resumed>) = 0 [pid 5833] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] getdents64(3, [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5835] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5835] ioctl(6, LOOP_CLR_FD) = 0 [pid 5835] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5835] close(6) = 0 [pid 5835] close(5) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5832] <... munmap resumed>) = 0 [pid 5019] close(3 [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5019] <... close resumed>) = 0 [pid 5832] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5832] ioctl(7, LOOP_CLR_FD) = 0 [ 160.453733][ T5836] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5019] rmdir("./135") = 0 [pid 5832] ioctl(7, LOOP_SET_FD, 6 [pid 5019] mkdir("./136", 0777 [pid 5832] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] close(7) = 0 [pid 5832] close(6 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5834] <... write resumed>) = 2097152 [pid 5832] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5835] exit_group(0) = ? [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5837 [pid 5834] munmap(0x7f362c399000, 2097152./strace-static-x86_64: Process 5837 attached [pid 5835] +++ exited with 0 +++ [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5014] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5837] set_robust_list(0x555557506760, 24) = 0 [pid 5014] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] chdir("./136") = 0 [pid 5832] exit_group(0 [pid 5014] <... openat resumed>) = 3 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] <... exit_group resumed>) = ? [pid 5014] newfstatat(3, "", [pid 5837] <... prctl resumed>) = 0 [pid 5834] <... munmap resumed>) = 0 [pid 5832] +++ exited with 0 +++ [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5014] getdents64(3, [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5837] <... openat resumed>) = 3 [pid 5015] <... restart_syscall resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5837] write(3, "1000", 4) = 4 [pid 5014] umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5837] close(3 [pid 5015] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5837] <... close resumed>) = 0 [ 160.495416][ T5836] UDF-fs: Scanning with blocksize 512 failed [pid 5834] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs" [pid 5015] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... symlink resumed>) = 0 [pid 5834] <... openat resumed>) = 7 [pid 5015] <... openat resumed>) = 3 [pid 5014] umount2("./132/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5837] memfd_create("syzkaller", 0 [pid 5834] ioctl(7, LOOP_SET_FD, 6 [pid 5833] <... write resumed>) = 2097152 [pid 5015] newfstatat(3, "", [pid 5837] <... memfd_create resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] getdents64(3, [pid 5837] <... mmap resumed>) = 0x7f3634699000 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5834] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./133/binderfs" [pid 5834] ioctl(7, LOOP_CLR_FD [pid 5015] <... unlink resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./132/bus", [pid 5834] <... ioctl resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./132/bus") = 0 [pid 5834] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5015] <... umount2 resumed>) = 0 [pid 5014] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] close(7) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] close(6 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... write resumed>) = 1048576 [pid 5015] <... openat resumed>) = 4 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x33\x33\x2f\x2e\x02" [pid 5833] munmap(0x7f362c399000, 2097152 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5833] <... munmap resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5015] getdents64(3, [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] unlink("./132/binderfs" [pid 5015] close(3 [pid 5014] <... unlink resumed>) = 0 [pid 5014] getdents64(3, [pid 5015] <... close resumed>) = 0 [ 160.556176][ T5836] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5836] <... mount resumed>) = 0 [pid 5015] rmdir("./133" [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5836] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] <... rmdir resumed>) = 0 [pid 5014] close(3 [pid 5836] <... openat resumed>) = 3 [pid 5015] mkdir("./134", 0777 [pid 5014] <... close resumed>) = 0 [pid 5836] chdir("\x2e\x02" [pid 5015] <... mkdir resumed>) = 0 [pid 5014] rmdir("./132" [pid 5836] <... chdir resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5836] ioctl(4, LOOP_CLR_FD [pid 5833] <... openat resumed>) = 7 [pid 5015] <... openat resumed>) = 3 [pid 5014] <... rmdir resumed>) = 0 [pid 5837] munmap(0x7f3634699000, 1048576 [pid 5836] <... ioctl resumed>) = 0 [pid 5833] ioctl(7, LOOP_SET_FD, 6 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] mkdir("./133", 0777 [pid 5837] <... munmap resumed>) = 0 [pid 5836] close(4 [pid 5833] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5836] <... close resumed>) = 0 [pid 5833] ioctl(7, LOOP_CLR_FD [pid 5015] close(3 [pid 5837] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5836] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5833] <... ioctl resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5837] <... openat resumed>) = 4 [pid 5836] <... open resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] ioctl(4, LOOP_SET_FD, 3 [pid 5836] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5837] <... ioctl resumed>) = 0 [pid 5836] <... mount resumed>) = 0 [pid 5833] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5838 [pid 5836] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5833] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... openat resumed>) = 3 [pid 5836] <... open resumed>) = 5 [pid 5834] exit_group(0 [pid 5833] close(7 [pid 5836] openat(AT_FDCWD, NULL, O_RDWR [pid 5834] <... exit_group resumed>) = ? [pid 5833] <... close resumed>) = 0 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5836] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5834] +++ exited with 0 +++ [pid 5833] close(6./strace-static-x86_64: Process 5838 attached [pid 5836] ftruncate(-1, 2 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5014] <... ioctl resumed>) = 0 [pid 5838] set_robust_list(0x555557506760, 24 [pid 5836] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] close(3 [pid 5838] chdir("./134" [pid 5836] <... mmap resumed>) = 0x20000000 [pid 5018] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... chdir resumed>) = 0 [pid 5836] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... close resumed>) = 0 [pid 5838] <... prctl resumed>) = 0 [pid 5836] memfd_create("syzkaller", 0 [pid 5018] <... openat resumed>) = 3 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] setpgid(0, 0 [pid 5836] <... memfd_create resumed>) = 6 [pid 5018] newfstatat(3, "", [pid 5838] <... setpgid resumed>) = 0 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5833] <... close resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... mmap resumed>) = 0x7f362c399000 [pid 5018] getdents64(3, [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5839 [pid 5838] <... openat resumed>) = 3 [pid 5837] close(3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5838] write(3, "1000", 4 [pid 5837] <... close resumed>) = 0 [pid 5833] exit_group(0 [pid 5018] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... write resumed>) = 4 [pid 5837] mkdir("\x2e\x02", 0777 [pid 5833] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(3 [pid 5837] <... mkdir resumed>) = 0 [pid 5833] +++ exited with 0 +++ [pid 5018] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5838] <... close resumed>) = 0 [pid 5837] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5839 attached [pid 5838] symlink("/dev/binderfs", "./binderfs" [ 160.622837][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 160.622851][ T27] audit: type=1800 audit(1692541364.278:804): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [ 160.655298][ T5837] loop5: detected capacity change from 0 to 2048 [pid 5018] unlink("./134/binderfs" [pid 5839] set_robust_list(0x555557506760, 24 [pid 5838] <... symlink resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] memfd_create("syzkaller", 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] chdir("./133" [pid 5838] <... memfd_create resumed>) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5839] <... chdir resumed>) = 0 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... prctl resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5839] setpgid(0, 0 [pid 5016] newfstatat(3, "", [pid 5839] <... setpgid resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] getdents64(3, [pid 5839] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5839] write(3, "1000", 4 [pid 5016] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... write resumed>) = 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] close(3 [pid 5018] <... umount2 resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5839] <... close resumed>) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs" [pid 5018] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... symlink resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] unlink("./132/binderfs") = 0 [pid 5839] memfd_create("syzkaller", 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... memfd_create resumed>) = 3 [ 160.705895][ T5837] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 160.713578][ T5837] UDF-fs: Scanning with blocksize 512 failed [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5839] <... mmap resumed>) = 0x7f3634699000 [pid 5838] <... write resumed>) = 1048576 [pid 5018] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] munmap(0x7f3634699000, 1048576) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3 [pid 5016] <... umount2 resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5018] rmdir("./134") = 0 [pid 5018] mkdir("./135", 0777) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] close(3) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5840 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... ioctl resumed>) = 0 [pid 5838] close(3./strace-static-x86_64: Process 5840 attached [pid 5839] <... write resumed>) = 1048576 [pid 5838] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] mkdir("\x2e\x02", 0777) = 0 [pid 5838] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5836] <... write resumed>) = 2097152 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5840] set_robust_list(0x555557506760, 24) = 0 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] chdir("./135" [pid 5016] getdents64(4, [pid 5840] <... chdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [ 160.758291][ T5838] loop1: detected capacity change from 0 to 2048 [ 160.782126][ T5837] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] munmap(0x7f3634699000, 1048576 [pid 5016] getdents64(4, [pid 5840] <... prctl resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4 [pid 5840] setpgid(0, 0 [pid 5016] <... close resumed>) = 0 [pid 5840] <... setpgid resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] rmdir("\x2e\x2f\x31\x33\x32\x2f\x2e\x02" [pid 5839] <... munmap resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5016] <... rmdir resumed>) = 0 [pid 5840] write(3, "1000", 4 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] getdents64(3, [pid 5840] <... write resumed>) = 4 [pid 5840] close(3 [pid 5839] <... openat resumed>) = 4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5837] <... mount resumed>) = 0 [pid 5016] close(3 [pid 5839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... close resumed>) = 0 [pid 5837] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5837] chdir("\x2e\x02" [pid 5836] munmap(0x7f362c399000, 2097152 [pid 5840] <... symlink resumed>) = 0 [pid 5839] ioctl(4, LOOP_CLR_FD [pid 5837] <... chdir resumed>) = 0 [pid 5016] rmdir("./132" [pid 5837] ioctl(4, LOOP_CLR_FD [pid 5839] <... ioctl resumed>) = 0 [pid 5837] <... ioctl resumed>) = 0 [pid 5840] memfd_create("syzkaller", 0 [pid 5837] close(4 [pid 5016] <... rmdir resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5837] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] mkdir("./133", 0777 [pid 5840] <... memfd_create resumed>) = 3 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5837] <... open resumed>) = 4 [pid 5836] <... munmap resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5837] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5840] <... mmap resumed>) = 0x7f3634699000 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5837] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [ 160.819883][ T5838] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 160.848383][ T27] audit: type=1800 audit(1692541364.508:805): pid=5837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] <... open resumed>) = 5 [pid 5836] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... openat resumed>) = 3 [pid 5837] openat(AT_FDCWD, NULL, O_RDWR [pid 5836] <... openat resumed>) = 7 [pid 5839] close(4 [pid 5837] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5836] ioctl(7, LOOP_SET_FD, 6 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5839] <... close resumed>) = 0 [pid 5837] ftruncate(-1, 2 [pid 5836] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5839] close(3 [pid 5837] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5836] ioctl(7, LOOP_CLR_FD [pid 5016] close(3 [pid 5837] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5836] <... ioctl resumed>) = 0 [pid 5837] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5837] memfd_create("syzkaller", 0 [pid 5016] <... close resumed>) = 0 [pid 5837] <... memfd_create resumed>) = 6 [pid 5836] ioctl(7, LOOP_SET_FD, 6 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5837] <... mmap resumed>) = 0x7f362c399000 [pid 5836] close(7 [pid 5839] <... close resumed>) = 0 [pid 5836] <... close resumed>) = 0 [pid 5836] close(6 [pid 5839] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5841 [pid 5839] <... open resumed>) = 3 [pid 5839] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5839] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x555557506760, 24) = 0 [pid 5841] chdir("./133" [pid 5839] <... open resumed>) = 4 [pid 5839] openat(AT_FDCWD, NULL, O_RDWR [pid 5841] <... chdir resumed>) = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5841] <... prctl resumed>) = 0 [pid 5839] ftruncate(-1, 2 [pid 5841] setpgid(0, 0 [pid 5839] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5836] <... close resumed>) = 0 [pid 5841] <... setpgid resumed>) = 0 [ 160.882787][ T5838] UDF-fs: Scanning with blocksize 512 failed [pid 5839] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5840] <... write resumed>) = 1048576 [pid 5839] <... mmap resumed>) = 0x20000000 [pid 5841] <... openat resumed>) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5836] exit_group(0 [pid 5841] close(3 [pid 5836] <... exit_group resumed>) = ? [pid 5841] <... close resumed>) = 0 [pid 5836] +++ exited with 0 +++ [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5839] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5839] memfd_create("syzkaller", 0 [pid 5017] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5839] <... memfd_create resumed>) = 5 [pid 5017] umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] munmap(0x7f3634699000, 1048576 [pid 5017] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... openat resumed>) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./131/binderfs" [pid 5838] <... mount resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5017] <... umount2 resumed>) = 0 [pid 5838] chdir("\x2e\x02" [pid 5840] <... munmap resumed>) = 0 [pid 5838] <... chdir resumed>) = 0 [pid 5837] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5838] ioctl(4, LOOP_CLR_FD) = 0 [pid 5838] close(4) = 0 [pid 5838] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5840] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5838] <... open resumed>) = 4 [pid 5838] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5840] <... openat resumed>) = 4 [pid 5838] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5838] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5838] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5838] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5840] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... mmap resumed>) = 0x20000000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", [pid 5838] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 160.936272][ T5838] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 160.938082][ T27] audit: type=1800 audit(1692541364.568:806): pid=5839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1946 res=0 errno=0 [pid 5841] <... write resumed>) = 1048576 [pid 5838] memfd_create("syzkaller", 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5838] <... memfd_create resumed>) = 6 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5838] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... openat resumed>) = 4 [pid 5840] <... ioctl resumed>) = 0 [pid 5017] newfstatat(4, "", [pid 5841] munmap(0x7f3634699000, 1048576 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] <... munmap resumed>) = 0 [pid 5840] close(3 [pid 5017] getdents64(4, [pid 5840] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5841] <... openat resumed>) = 4 [pid 5017] close(4 [pid 5841] ioctl(4, LOOP_SET_FD, 3 [pid 5017] <... close resumed>) = 0 [pid 5840] mkdir("\x2e\x02", 0777 [pid 5839] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] rmdir("\x2e\x2f\x31\x33\x31\x2f\x2e\x02") = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3 [pid 5840] <... mkdir resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5017] rmdir("./131") = 0 [pid 5017] mkdir("./132", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5842 [pid 5841] <... ioctl resumed>) = 0 [pid 5841] close(3) = 0 [pid 5841] mkdir("\x2e\x02", 0777) = 0 ./strace-static-x86_64: Process 5842 attached [pid 5841] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5842] set_robust_list(0x555557506760, 24) = 0 [ 161.008918][ T5840] loop4: detected capacity change from 0 to 2048 [ 161.046708][ T5841] loop2: detected capacity change from 0 to 2048 [pid 5842] chdir("./132") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] <... write resumed>) = 2097152 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [ 161.075556][ T5840] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 161.084792][ T5840] UDF-fs: Scanning with blocksize 512 failed [ 161.087466][ T5841] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5842] memfd_create("syzkaller", 0) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5837] munmap(0x7f362c399000, 2097152) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5837] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5837] ioctl(7, LOOP_CLR_FD) = 0 [pid 5837] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5837] close(7) = 0 [pid 5837] close(6 [pid 5839] <... write resumed>) = 2097152 [pid 5838] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5839] munmap(0x7f362c399000, 2097152 [pid 5842] <... write resumed>) = 1048576 [pid 5839] <... munmap resumed>) = 0 [ 161.114803][ T27] audit: type=1800 audit(1692541364.658:807): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 161.138142][ T5840] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5840] <... mount resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5840] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5839] <... openat resumed>) = 6 [pid 5837] <... close resumed>) = 0 [pid 5842] munmap(0x7f3634699000, 1048576 [pid 5841] <... mount resumed>) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] ioctl(6, LOOP_SET_FD, 5 [pid 5840] chdir("\x2e\x02" [pid 5839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5841] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5840] <... chdir resumed>) = 0 [pid 5839] ioctl(6, LOOP_CLR_FD [pid 5840] ioctl(4, LOOP_CLR_FD [pid 5839] <... ioctl resumed>) = 0 [pid 5841] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = 0 [pid 5841] chdir("\x2e\x02" [pid 5840] close(4 [pid 5842] <... munmap resumed>) = 0 [pid 5841] <... chdir resumed>) = 0 [pid 5840] <... close resumed>) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5841] ioctl(4, LOOP_CLR_FD [pid 5840] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5839] ioctl(6, LOOP_SET_FD, 5 [pid 5841] <... ioctl resumed>) = 0 [ 161.169958][ T5841] UDF-fs: Scanning with blocksize 512 failed [ 161.180735][ T5841] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5842] <... openat resumed>) = 4 [pid 5841] close(4 [pid 5839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5840] <... open resumed>) = 4 [pid 5837] exit_group(0) = ? [pid 5837] +++ exited with 0 +++ [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5839] close(6 [pid 5842] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... close resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5841] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5839] close(5 [pid 5841] <... open resumed>) = 4 [pid 5841] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5841] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5841] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5841] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5841] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5841] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5841] memfd_create("syzkaller", 0) = 6 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5842] <... ioctl resumed>) = 0 [pid 5840] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] close(3 [pid 5840] <... mount resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5838] <... write resumed>) = 2097152 [pid 5842] <... close resumed>) = 0 [pid 5839] exit_group(0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] mkdir("\x2e\x02", 0777 [pid 5840] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5839] <... exit_group resumed>) = ? [pid 5019] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... mkdir resumed>) = 0 [pid 5840] <... open resumed>) = 5 [pid 5842] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5840] openat(AT_FDCWD, NULL, O_RDWR [pid 5839] +++ exited with 0 +++ [pid 5019] <... openat resumed>) = 3 [pid 5840] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5838] munmap(0x7f362c399000, 2097152 [ 161.207245][ T27] audit: type=1800 audit(1692541364.868:808): pid=5840 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 161.229028][ T5842] loop3: detected capacity change from 0 to 2048 [ 161.246038][ T27] audit: type=1800 audit(1692541364.908:809): pid=5841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5019] newfstatat(3, "", [pid 5840] ftruncate(-1, 2 [pid 5838] <... munmap resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5840] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] getdents64(3, [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=6 /* 0.06 s */} --- [pid 5840] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5838] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5838] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5838] ioctl(7, LOOP_CLR_FD) = 0 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5838] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5840] <... mmap resumed>) = 0x20000000 [pid 5840] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5838] close(7 [pid 5019] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... restart_syscall resumed>) = 0 [pid 5840] <... open resumed>) = -1 EFAULT (Bad address) [pid 5838] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5838] close(6 [pid 5841] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5840] memfd_create("syzkaller", 0 [pid 5019] newfstatat(AT_FDCWD, "./136/binderfs", [pid 5840] <... memfd_create resumed>) = 6 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5841] <... write resumed>) = 2097152 [pid 5840] <... mmap resumed>) = 0x7f362c399000 [pid 5019] unlink("./136/binderfs" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... mount resumed>) = 0 [pid 5841] munmap(0x7f362c399000, 2097152 [pid 5019] <... unlink resumed>) = 0 [pid 5014] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5841] <... munmap resumed>) = 0 [pid 5838] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... openat resumed>) = 3 [pid 5842] <... openat resumed>) = 3 [pid 5841] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] exit_group(0 [pid 5014] newfstatat(3, "", [pid 5842] chdir("\x2e\x02" [pid 5841] <... openat resumed>) = 7 [ 161.279770][ T5842] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 161.292834][ T5842] UDF-fs: Scanning with blocksize 512 failed [ 161.316377][ T5842] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5838] <... exit_group resumed>) = ? [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5842] <... chdir resumed>) = 0 [pid 5841] ioctl(7, LOOP_SET_FD, 6 [pid 5014] getdents64(3, [pid 5842] ioctl(4, LOOP_CLR_FD [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5838] +++ exited with 0 +++ [pid 5019] <... umount2 resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5842] <... ioctl resumed>) = 0 [pid 5841] ioctl(7, LOOP_CLR_FD [pid 5014] umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] close(4 [pid 5841] <... ioctl resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5014] umount2("./133/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./133/bus", [pid 5842] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] <... open resumed>) = 4 [pid 5841] ioctl(7, LOOP_SET_FD, 6 [pid 5840] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5842] <... mount resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5842] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5841] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(3, "", [pid 5842] <... open resumed>) = 5 [pid 5841] close(7 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] unlink("./133/bus" [pid 5842] openat(AT_FDCWD, NULL, O_RDWR [pid 5841] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5015] getdents64(3, [pid 5842] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5841] close(6 [pid 5019] newfstatat(4, "", [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... unlink resumed>) = 0 [pid 5842] ftruncate(-1, 2 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5842] <... mmap resumed>) = 0x20000000 [pid 5019] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] unlink("./134/binderfs" [pid 5842] <... open resumed>) = -1 EFAULT (Bad address) [pid 5841] <... close resumed>) = 0 [pid 5019] close(4 [pid 5015] <... unlink resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./133/binderfs", [pid 5842] memfd_create("syzkaller", 0 [pid 5841] exit_group(0 [pid 5019] <... close resumed>) = 0 [ 161.388014][ T27] audit: type=1800 audit(1692541365.048:810): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 5015] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5842] <... memfd_create resumed>) = 6 [pid 5841] <... exit_group resumed>) = ? [pid 5019] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5015] <... umount2 resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5842] <... mmap resumed>) = 0x7f362c399000 [pid 5841] +++ exited with 0 +++ [pid 5019] getdents64(3, [pid 5015] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] unlink("./133/binderfs" [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5019] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... unlink resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 5019] rmdir("./136" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] mkdir("./137", 0777 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5015] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... openat resumed>) = 4 [pid 5019] close(3 [pid 5015] newfstatat(4, "", [pid 5019] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] getdents64(4, [pid 5840] <... write resumed>) = 2097152 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] close(3 [pid 5840] munmap(0x7f362c399000, 2097152 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5843 [pid 5015] getdents64(4, [pid 5016] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] close(4 [pid 5016] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... close resumed>) = 0 [pid 5014] rmdir("./133" [pid 5016] <... openat resumed>) = 3 [pid 5015] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02"./strace-static-x86_64: Process 5843 attached [pid 5016] newfstatat(3, "", [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5843] set_robust_list(0x555557506760, 24 [pid 5840] <... munmap resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, [pid 5014] mkdir("./134", 0777 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5843] chdir("./137" [pid 5840] <... openat resumed>) = 7 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] close(3 [pid 5014] <... mkdir resumed>) = 0 [pid 5843] <... chdir resumed>) = 0 [pid 5840] ioctl(7, LOOP_SET_FD, 6 [pid 5016] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] rmdir("./134" [pid 5843] <... prctl resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5843] setpgid(0, 0 [pid 5015] mkdir("./135", 0777 [pid 5843] <... setpgid resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5843] <... openat resumed>) = 3 [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5014] <... openat resumed>) = 3 [pid 5843] write(3, "1000", 4 [pid 5840] ioctl(7, LOOP_CLR_FD [pid 5016] newfstatat(AT_FDCWD, "./133/binderfs", [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5843] <... write resumed>) = 4 [pid 5840] <... ioctl resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5843] close(3 [pid 5842] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] unlink("./133/binderfs" [pid 5015] close(3 [pid 5014] <... ioctl resumed>) = 0 [pid 5843] <... close resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] close(3 [pid 5843] symlink("/dev/binderfs", "./binderfs" [pid 5840] ioctl(7, LOOP_SET_FD, 6 [pid 5016] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... close resumed>) = 0 [pid 5843] <... symlink resumed>) = 0 [pid 5840] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5840] close(7./strace-static-x86_64: Process 5845 attached ./strace-static-x86_64: Process 5844 attached [pid 5843] memfd_create("syzkaller", 0 [pid 5842] <... write resumed>) = 2097152 [pid 5840] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5844 [pid 5840] close(6 [pid 5845] set_robust_list(0x555557506760, 24 [pid 5844] set_robust_list(0x555557506760, 24 [pid 5843] <... memfd_create resumed>) = 3 [pid 5842] munmap(0x7f362c399000, 2097152 [pid 5840] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5845 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5842] <... munmap resumed>) = 0 [pid 5840] exit_group(0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] chdir("./135" [pid 5844] chdir("./134" [pid 5843] <... mmap resumed>) = 0x7f3634699000 [pid 5842] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5840] <... exit_group resumed>) = ? [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", [pid 5845] <... chdir resumed>) = 0 [pid 5844] <... chdir resumed>) = 0 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5842] <... openat resumed>) = 7 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... write resumed>) = 1048576 [pid 5842] ioctl(7, LOOP_SET_FD, 6 [pid 5840] +++ exited with 0 +++ [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... prctl resumed>) = 0 [pid 5844] <... prctl resumed>) = 0 [pid 5842] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5016] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5845] setpgid(0, 0 [pid 5844] setpgid(0, 0 [pid 5842] ioctl(7, LOOP_CLR_FD [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... setpgid resumed>) = 0 [pid 5844] <... setpgid resumed>) = 0 [pid 5842] <... ioctl resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... openat resumed>) = 3 [pid 5844] <... openat resumed>) = 3 [pid 5845] write(3, "1000", 4 [pid 5844] write(3, "1000", 4 [pid 5845] <... write resumed>) = 4 [pid 5844] <... write resumed>) = 4 [pid 5845] close(3 [pid 5844] close(3 [pid 5842] ioctl(7, LOOP_SET_FD, 6 [pid 5845] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5842] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... openat resumed>) = 4 [pid 5845] symlink("/dev/binderfs", "./binderfs" [pid 5844] symlink("/dev/binderfs", "./binderfs" [pid 5843] munmap(0x7f3634699000, 1048576 [pid 5842] close(7 [pid 5016] newfstatat(4, "", [pid 5845] <... symlink resumed>) = 0 [pid 5844] <... symlink resumed>) = 0 [pid 5842] <... close resumed>) = 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5844] memfd_create("syzkaller", 0 [pid 5842] close(6 [pid 5845] <... memfd_create resumed>) = 3 [pid 5844] <... memfd_create resumed>) = 3 [pid 5843] <... munmap resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(4, [pid 5845] <... mmap resumed>) = 0x7f3634699000 [pid 5844] <... mmap resumed>) = 0x7f3634699000 [pid 5843] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5842] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5843] ioctl(4, LOOP_SET_FD, 3 [pid 5018] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(4, [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5842] exit_group(0 [pid 5018] newfstatat(3, "", [pid 5016] close(4 [pid 5843] <... ioctl resumed>) = 0 [pid 5842] <... exit_group resumed>) = ? [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... close resumed>) = 0 [pid 5843] close(3 [pid 5018] getdents64(3, [pid 5016] rmdir("\x2e\x2f\x31\x33\x33\x2f\x2e\x02" [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5843] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... rmdir resumed>) = 0 [pid 5843] mkdir("\x2e\x02", 0777 [pid 5018] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(3, [pid 5843] <... mkdir resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5843] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] newfstatat(AT_FDCWD, "./135/binderfs", [pid 5016] close(3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... close resumed>) = 0 [pid 5018] unlink("./135/binderfs" [ 161.633200][ T5843] loop5: detected capacity change from 0 to 2048 [ 161.666260][ T5843] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 161.673967][ T5843] UDF-fs: Scanning with blocksize 512 failed [pid 5016] rmdir("./133" [pid 5018] <... unlink resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5845] <... write resumed>) = 1048576 [pid 5844] <... write resumed>) = 1048576 [pid 5842] +++ exited with 0 +++ [pid 5018] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5845] munmap(0x7f3634699000, 1048576 [pid 5844] munmap(0x7f3634699000, 1048576 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5845] <... munmap resumed>) = 0 [pid 5844] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5845] <... openat resumed>) = 4 [pid 5844] <... openat resumed>) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5016] mkdir("./134", 0777 [pid 5017] umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] <... mkdir resumed>) = 0 [pid 5017] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] <... openat resumed>) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5017] getdents64(3, [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5845] <... ioctl resumed>) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(3 [pid 5845] close(3 [pid 5844] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./132/binderfs" [pid 5845] <... close resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", [pid 5017] <... unlink resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5845] mkdir("\x2e\x02", 0777 [pid 5844] mkdir("\x2e\x02", 0777 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... mkdir resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 5844] <... mkdir resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5846 [pid 5845] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5844] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] close(4 [pid 5018] <... openat resumed>) = 4 [pid 5017] <... close resumed>) = 0 [pid 5018] newfstatat(4, "", [ 161.681670][ T5845] loop1: detected capacity change from 0 to 2048 [ 161.688517][ T5844] loop0: detected capacity change from 0 to 2048 [ 161.715983][ T5843] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] rmdir("\x2e\x2f\x31\x33\x32\x2f\x2e\x02" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5018] getdents64(4, [pid 5017] getdents64(3, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5017] rmdir("./132") = 0 [pid 5017] mkdir("./133", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3 [pid 5018] getdents64(4, [pid 5017] <... close resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5843] <... mount resumed>) = 0 [pid 5843] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5847 [pid 5843] <... openat resumed>) = 3 [pid 5843] chdir("\x2e\x02") = 0 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [ 161.747808][ T5845] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 161.756038][ T5844] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 161.764324][ T5844] UDF-fs: Scanning with blocksize 512 failed [ 161.781372][ T5845] UDF-fs: Scanning with blocksize 512 failed [pid 5843] close(4./strace-static-x86_64: Process 5846 attached ) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5843] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5843] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 5847 attached ) = 0 [pid 5847] set_robust_list(0x555557506760, 24 [pid 5846] set_robust_list(0x555557506760, 24 [pid 5843] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] close(4 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5847] chdir("./133" [pid 5843] <... open resumed>) = 5 [pid 5847] <... chdir resumed>) = 0 [pid 5843] openat(AT_FDCWD, NULL, O_RDWR [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5843] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5847] <... prctl resumed>) = 0 [pid 5843] ftruncate(-1, 2 [pid 5847] setpgid(0, 0 [pid 5843] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5847] <... setpgid resumed>) = 0 [pid 5843] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5843] <... mmap resumed>) = 0x20000000 [pid 5847] <... openat resumed>) = 3 [pid 5843] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5847] write(3, "1000", 4 [pid 5843] <... open resumed>) = -1 EFAULT (Bad address) [pid 5847] <... write resumed>) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... close resumed>) = 0 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5843] memfd_create("syzkaller", 0 [pid 5846] chdir("./134" [pid 5843] <... memfd_create resumed>) = 6 [pid 5018] rmdir("\x2e\x2f\x31\x33\x35\x2f\x2e\x02" [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5846] <... chdir resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] getdents64(3, [pid 5846] setpgid(0, 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5846] <... setpgid resumed>) = 0 [pid 5018] close(3 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... close resumed>) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5018] rmdir("./135") = 0 [pid 5846] write(3, "1000", 4) = 4 [pid 5018] mkdir("./136", 0777 [pid 5846] close(3 [pid 5844] <... mount resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5844] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] <... close resumed>) = 0 [pid 5844] chdir("\x2e\x02" [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5844] <... chdir resumed>) = 0 [pid 5844] ioctl(4, LOOP_CLR_FD) = 0 [pid 5844] close(4 [pid 5847] <... write resumed>) = 1048576 [pid 5846] symlink("/dev/binderfs", "./binderfs" [pid 5844] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [ 161.789948][ T5844] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 161.800096][ T27] audit: type=1800 audit(1692541365.458:811): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 161.837061][ T5845] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5844] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5846] <... symlink resumed>) = 0 [pid 5844] <... open resumed>) = 4 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5844] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5844] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5844] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5844] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5844] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5844] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5844] memfd_create("syzkaller", 0) = 6 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5846] memfd_create("syzkaller", 0 [pid 5018] close(3 [pid 5847] munmap(0x7f3634699000, 1048576 [pid 5846] <... memfd_create resumed>) = 3 [pid 5845] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5847] <... munmap resumed>) = 0 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5843] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5846] <... mmap resumed>) = 0x7f3634699000 [pid 5845] <... openat resumed>) = 3 [pid 5844] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5847] <... openat resumed>) = 4 [ 161.866462][ T27] audit: type=1800 audit(1692541365.528:812): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop0" ino=851 res=0 errno=0 [pid 5847] ioctl(4, LOOP_SET_FD, 3 [pid 5845] chdir("\x2e\x02") = 0 ./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x555557506760, 24) = 0 [pid 5848] chdir("./136") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] ioctl(4, LOOP_CLR_FD [pid 5848] <... prctl resumed>) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... ioctl resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5848 [pid 5845] close(4 [pid 5848] <... openat resumed>) = 3 [pid 5847] <... ioctl resumed>) = 0 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5845] <... close resumed>) = 0 [pid 5844] <... write resumed>) = 2097152 [pid 5843] <... write resumed>) = 2097152 [pid 5848] write(3, "1000", 4 [pid 5847] close(3 [pid 5846] <... write resumed>) = 1048576 [pid 5845] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5843] munmap(0x7f362c399000, 2097152 [pid 5844] munmap(0x7f362c399000, 2097152 [pid 5847] <... close resumed>) = 0 [pid 5844] <... munmap resumed>) = 0 [pid 5843] <... munmap resumed>) = 0 [ 161.925455][ T5847] loop3: detected capacity change from 0 to 2048 [pid 5847] mkdir("\x2e\x02", 0777 [pid 5845] <... open resumed>) = 4 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5844] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5844] ioctl(7, LOOP_CLR_FD) = 0 [pid 5848] <... write resumed>) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs" [pid 5844] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5844] close(7 [pid 5848] <... symlink resumed>) = 0 [pid 5847] <... mkdir resumed>) = 0 [pid 5846] munmap(0x7f3634699000, 1048576 [pid 5845] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5844] <... close resumed>) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5848] memfd_create("syzkaller", 0 [pid 5847] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5846] <... munmap resumed>) = 0 [pid 5845] <... mount resumed>) = 0 [pid 5843] <... openat resumed>) = 7 [pid 5844] close(6 [pid 5848] <... memfd_create resumed>) = 3 [pid 5846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5844] <... close resumed>) = 0 [pid 5843] ioctl(7, LOOP_SET_FD, 6 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... openat resumed>) = 4 [pid 5845] <... open resumed>) = 5 [pid 5844] exit_group(0 [pid 5843] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] <... mmap resumed>) = 0x7f3634699000 [ 161.964997][ T27] audit: type=1800 audit(1692541365.628:813): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 161.996541][ T5847] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 162.004230][ T5847] UDF-fs: Scanning with blocksize 512 failed [ 162.013969][ T5847] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5846] ioctl(4, LOOP_SET_FD, 3 [pid 5845] openat(AT_FDCWD, NULL, O_RDWR [pid 5844] <... exit_group resumed>) = ? [pid 5843] ioctl(7, LOOP_CLR_FD [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5847] <... mount resumed>) = 0 [pid 5847] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("\x2e\x02") = 0 [pid 5847] ioctl(4, LOOP_CLR_FD) = 0 [pid 5847] close(4) = 0 [pid 5845] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5844] +++ exited with 0 +++ [pid 5843] <... ioctl resumed>) = 0 [pid 5847] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5847] <... open resumed>) = 4 [pid 5845] ftruncate(-1, 2 [pid 5847] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5845] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5847] <... mount resumed>) = 0 [pid 5845] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5847] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... open resumed>) = 5 [pid 5014] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... write resumed>) = 1048576 [pid 5847] openat(AT_FDCWD, NULL, O_RDWR [pid 5846] <... ioctl resumed>) = 0 [pid 5845] <... mmap resumed>) = 0x20000000 [pid 5843] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... openat resumed>) = 3 [pid 5848] munmap(0x7f3634699000, 1048576 [pid 5847] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5846] close(3 [pid 5845] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5843] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] newfstatat(3, "", [pid 5848] <... munmap resumed>) = 0 [pid 5847] ftruncate(-1, 2 [pid 5846] <... close resumed>) = 0 [pid 5845] <... open resumed>) = -1 EFAULT (Bad address) [pid 5843] close(7 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5847] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5846] mkdir("\x2e\x02", 0777 [pid 5845] memfd_create("syzkaller", 0 [pid 5843] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 5848] <... openat resumed>) = 4 [pid 5847] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5846] <... mkdir resumed>) = 0 [pid 5845] <... memfd_create resumed>) = 6 [ 162.016149][ T5846] loop2: detected capacity change from 0 to 2048 [pid 5843] close(6 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5848] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... mmap resumed>) = 0x20000000 [pid 5846] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5843] <... close resumed>) = 0 [pid 5014] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5847] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5845] <... mmap resumed>) = 0x7f362c399000 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... ioctl resumed>) = 0 [pid 5847] <... open resumed>) = -1 EFAULT (Bad address) [pid 5843] exit_group(0 [pid 5014] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5848] close(3 [pid 5847] memfd_create("syzkaller", 0 [pid 5843] <... exit_group resumed>) = ? [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... close resumed>) = 0 [pid 5847] <... memfd_create resumed>) = 6 [pid 5843] +++ exited with 0 +++ [pid 5014] unlink("./134/binderfs" [pid 5848] mkdir("\x2e\x02", 0777 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5014] <... unlink resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5847] <... mmap resumed>) = 0x7f362c399000 [ 162.072680][ T5848] loop4: detected capacity change from 0 to 2048 [ 162.094859][ T5846] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 162.104834][ T5846] UDF-fs: Scanning with blocksize 512 failed [pid 5014] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5846] <... mount resumed>) = 0 [pid 5845] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5847] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2087093 [pid 5846] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5845] <... write resumed>) = 2097152 [pid 5848] <... mount resumed>) = 0 [pid 5019] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = 0 [pid 5848] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... openat resumed>) = 3 [pid 5019] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] chdir("\x2e\x02" [pid 5846] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5014] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] <... chdir resumed>) = 0 [pid 5019] newfstatat(3, "", [pid 5848] ioctl(4, LOOP_CLR_FD [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5019] getdents64(3, [pid 5848] close(4 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5846] chdir("\x2e\x02" [pid 5848] <... close resumed>) = 0 [pid 5019] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... open resumed>) = 4 [pid 5019] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5848] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... mount resumed>) = 0 [pid 5019] unlink("./137/binderfs" [pid 5848] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... unlink resumed>) = 0 [pid 5848] <... open resumed>) = 5 [pid 5019] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5848] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5848] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5846] <... chdir resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5848] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5846] ioctl(4, LOOP_CLR_FD [pid 5848] <... open resumed>) = -1 EFAULT (Bad address) [pid 5846] <... ioctl resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] memfd_create("syzkaller", 0 [pid 5847] <... write resumed>) = 2087093 [pid 5846] close(4 [pid 5019] <... umount2 resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] <... memfd_create resumed>) = 6 [pid 5846] <... close resumed>) = 0 [pid 5845] munmap(0x7f362c399000, 2097152 [pid 5019] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5846] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... mmap resumed>) = 0x7f362c399000 [ 162.125163][ T5846] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.145657][ T5848] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 162.153456][ T5848] UDF-fs: Scanning with blocksize 512 failed [ 162.163320][ T5848] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] munmap(0x7f362c399000, 2087093 [pid 5846] <... open resumed>) = 4 [pid 5845] <... munmap resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] <... openat resumed>) = 4 [pid 5845] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, [pid 5847] <... munmap resumed>) = 0 [pid 5846] <... mount resumed>) = 0 [pid 5845] <... openat resumed>) = 7 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] newfstatat(4, "", [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x33\x37\x2f\x2e\x02" [pid 5848] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5846] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5845] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] <... openat resumed>) = 7 [pid 5846] <... open resumed>) = 5 [pid 5845] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] getdents64(3, [pid 5014] getdents64(4, [pid 5848] <... write resumed>) = 2097152 [pid 5847] ioctl(7, LOOP_SET_FD, 6 [pid 5846] openat(AT_FDCWD, NULL, O_RDWR [pid 5845] ioctl(7, LOOP_CLR_FD [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5848] munmap(0x7f362c399000, 2097152 [pid 5847] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5845] <... ioctl resumed>) = 0 [pid 5019] close(3 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5847] ioctl(7, LOOP_CLR_FD [pid 5846] ftruncate(-1, 2 [pid 5019] <... close resumed>) = 0 [pid 5014] getdents64(4, [pid 5848] <... munmap resumed>) = 0 [pid 5847] <... ioctl resumed>) = 0 [pid 5846] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] rmdir("./137" [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5846] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] close(4 [pid 5848] <... openat resumed>) = 7 [pid 5019] mkdir("./138", 0777 [pid 5848] ioctl(7, LOOP_SET_FD, 6 [pid 5846] <... mmap resumed>) = 0x20000000 [pid 5845] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... mkdir resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5848] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] ioctl(7, LOOP_SET_FD, 6 [pid 5846] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5845] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02" [pid 5848] ioctl(7, LOOP_CLR_FD [pid 5847] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... open resumed>) = -1 EFAULT (Bad address) [pid 5845] close(7 [pid 5019] <... openat resumed>) = 3 [pid 5014] <... rmdir resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5847] close(7 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5847] <... close resumed>) = 0 [pid 5846] memfd_create("syzkaller", 0 [pid 5845] <... close resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5847] close(6 [pid 5019] close(3 [pid 5847] <... close resumed>) = 0 [pid 5846] <... memfd_create resumed>) = 6 [pid 5845] close(6 [pid 5019] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 5848] ioctl(7, LOOP_SET_FD, 6 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] close(7 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5849 [pid 5848] <... close resumed>) = 0 [pid 5848] close(6 [pid 5846] <... mmap resumed>) = 0x7f362c399000 [pid 5845] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] exit_group(0) = ? [pid 5847] exit_group(0 [pid 5014] close(3./strace-static-x86_64: Process 5849 attached [pid 5848] +++ exited with 0 +++ [pid 5847] <... exit_group resumed>) = ? [pid 5845] exit_group(0 [pid 5014] <... close resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5014] rmdir("./134" [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5849] set_robust_list(0x555557506760, 24 [pid 5847] +++ exited with 0 +++ [pid 5845] <... exit_group resumed>) = ? [pid 5018] <... restart_syscall resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5845] +++ exited with 0 +++ [pid 5014] mkdir("./135", 0777 [pid 5849] chdir("./138" [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5849] <... chdir resumed>) = 0 [pid 5018] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... mkdir resumed>) = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... prctl resumed>) = 0 [pid 5018] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] setpgid(0, 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... openat resumed>) = 3 [pid 5014] <... openat resumed>) = 3 [pid 5849] <... setpgid resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5017] newfstatat(3, "", [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5849] <... openat resumed>) = 3 [pid 5846] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] getdents64(3, [pid 5017] getdents64(3, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... ioctl resumed>) = 0 [pid 5849] write(3, "1000", 4 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] close(3 [pid 5849] <... write resumed>) = 4 [pid 5018] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5849] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(3, "", [pid 5014] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./136/binderfs", [pid 5017] newfstatat(AT_FDCWD, "./133/binderfs", [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] symlink("/dev/binderfs", "./binderfs" [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] getdents64(3, [pid 5849] <... symlink resumed>) = 0 [pid 5018] unlink("./136/binderfs" [pid 5017] unlink("./133/binderfs" [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5849] memfd_create("syzkaller", 0 [pid 5018] <... unlink resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5850 [pid 5849] <... memfd_create resumed>) = 3 [pid 5018] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5850 attached [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... write resumed>) = 2097152 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./135/binderfs", [pid 5850] set_robust_list(0x555557506760, 24 [pid 5849] <... mmap resumed>) = 0x7f3634699000 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] unlink("./135/binderfs" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... unlink resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", [pid 5015] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] umount2("\x2e\x2f\x31\x33\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... openat resumed>) = 4 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5850] chdir("./135" [pid 5849] <... write resumed>) = 1048576 [pid 5846] munmap(0x7f362c399000, 2097152 [pid 5015] <... umount2 resumed>) = 0 [pid 5850] <... chdir resumed>) = 0 [pid 5846] <... munmap resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5017] <... openat resumed>) = 4 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5850] <... prctl resumed>) = 0 [pid 5846] <... openat resumed>) = 7 [pid 5850] setpgid(0, 0 [pid 5846] ioctl(7, LOOP_SET_FD, 6 [pid 5850] <... setpgid resumed>) = 0 [pid 5846] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5846] ioctl(7, LOOP_CLR_FD [pid 5850] <... openat resumed>) = 3 [pid 5849] munmap(0x7f3634699000, 1048576 [pid 5846] <... ioctl resumed>) = 0 [pid 5850] write(3, "1000", 4 [pid 5849] <... munmap resumed>) = 0 [pid 5850] <... write resumed>) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs" [pid 5849] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5850] <... symlink resumed>) = 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5849] <... openat resumed>) = 4 [pid 5846] ioctl(7, LOOP_SET_FD, 6 [pid 5850] <... memfd_create resumed>) = 3 [pid 5849] ioctl(4, LOOP_SET_FD, 3 [pid 5846] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] close(7 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] newfstatat(4, "", [pid 5850] <... mmap resumed>) = 0x7f3634699000 [pid 5846] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5846] close(6 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5850] <... write resumed>) = 1048576 [pid 5849] <... ioctl resumed>) = 0 [pid 5846] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", [pid 5017] getdents64(4, [pid 5846] exit_group(0 [pid 5018] close(4 [pid 5849] close(3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5849] <... close resumed>) = 0 [pid 5017] close(4 [pid 5846] <... exit_group resumed>) = ? [pid 5849] mkdir("\x2e\x02", 0777 [pid 5018] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5017] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... rmdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] rmdir("\x2e\x2f\x31\x33\x33\x2f\x2e\x02" [pid 5018] getdents64(3, [pid 5015] <... openat resumed>) = 4 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5017] getdents64(3, [pid 5018] close(3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, [pid 5018] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] close(3 [pid 5018] rmdir("./136" [pid 5015] getdents64(4, [pid 5017] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] rmdir("./133" [pid 5015] close(4 [pid 5018] mkdir("./137", 0777 [pid 5849] <... mkdir resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5015] <... close resumed>) = 0 [ 162.410745][ T5849] loop5: detected capacity change from 0 to 2048 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] mkdir("./134", 0777 [pid 5015] rmdir("\x2e\x2f\x31\x33\x35\x2f\x2e\x02" [pid 5849] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... openat resumed>) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5850] munmap(0x7f3634699000, 1048576 [pid 5018] close(3 [pid 5850] <... munmap resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5851 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5850] ioctl(4, LOOP_CLR_FD) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5850] ioctl(4, LOOP_SET_FD, 3 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] getdents64(3, [pid 5850] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 5851 attached [pid 5850] close(4 [pid 5017] <... openat resumed>) = 3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] close(3 [pid 5851] set_robust_list(0x555557506760, 24 [pid 5850] <... close resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... close resumed>) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5850] close(3 [pid 5017] close(3 [pid 5015] rmdir("./135" [pid 5851] chdir("./137") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5850] <... close resumed>) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] <... close resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5851] <... openat resumed>) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] memfd_create("syzkaller", 0) = 3 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5850] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 5850] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5850] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] mkdir("./136", 0777 [pid 5850] <... open resumed>) = 4 [pid 5850] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5850] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5850] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5852 [pid 5015] <... mkdir resumed>) = 0 [pid 5850] <... mmap resumed>) = 0x20000000 [pid 5850] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [ 162.493404][ T5849] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 162.502966][ T5849] UDF-fs: Scanning with blocksize 512 failed [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5846] +++ exited with 0 +++ [pid 5015] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5852 attached [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5852] set_robust_list(0x555557506760, 24 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5852] <... set_robust_list resumed>) = 0 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5852] chdir("./134" [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5852] <... chdir resumed>) = 0 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5852] <... prctl resumed>) = 0 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5852] setpgid(0, 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5852] <... setpgid resumed>) = 0 [pid 5850] <... memfd_create resumed>) = 5 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] <... openat resumed>) = 3 [pid 5850] <... mmap resumed>) = 0x7f362c399000 [pid 5852] write(3, "1000", 4 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5852] <... write resumed>) = 4 [pid 5850] exit_group(0 [pid 5849] <... mount resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5852] close(3 [pid 5850] <... exit_group resumed>) = ? [pid 5849] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] close(3 [pid 5852] <... close resumed>) = 0 [pid 5850] +++ exited with 0 +++ [pid 5849] <... openat resumed>) = 3 [pid 5016] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5852] symlink("/dev/binderfs", "./binderfs" [pid 5849] chdir("\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5852] <... symlink resumed>) = 0 [pid 5849] <... chdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] memfd_create("syzkaller", 0 [pid 5849] ioctl(4, LOOP_CLR_FD [pid 5016] <... openat resumed>) = 3 [pid 5852] <... memfd_create resumed>) = 3 [pid 5849] <... ioctl resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5014] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] close(4 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... mmap resumed>) = 0x7f3634699000 [pid 5849] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5853 [pid 5014] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5849] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] getdents64(3, [pid 5014] <... openat resumed>) = 3 [pid 5849] <... open resumed>) = 4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] newfstatat(3, "", [pid 5851] <... write resumed>) = 1048576 [pid 5849] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] <... mount resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 162.536630][ T5849] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] getdents64(3, [pid 5849] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5851] munmap(0x7f3634699000, 1048576 [pid 5849] <... open resumed>) = 5 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5853 attached [pid 5851] <... munmap resumed>) = 0 [pid 5849] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] unlink("./134/binderfs" [pid 5014] <... umount2 resumed>) = 0 [pid 5853] set_robust_list(0x555557506760, 24 [pid 5851] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5849] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... unlink resumed>) = 0 [pid 5014] umount2("./135/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] <... set_robust_list resumed>) = 0 [pid 5851] <... openat resumed>) = 4 [pid 5849] ftruncate(-1, 2 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] chdir("./136" [pid 5851] ioctl(4, LOOP_SET_FD, 3 [pid 5014] newfstatat(AT_FDCWD, "./135/bus", [pid 5853] <... chdir resumed>) = 0 [pid 5851] <... ioctl resumed>) = 0 [pid 5849] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] unlink("./135/bus" [pid 5853] <... prctl resumed>) = 0 [pid 5852] <... write resumed>) = 1048576 [pid 5849] <... mmap resumed>) = 0x20000000 [pid 5014] <... unlink resumed>) = 0 [pid 5853] setpgid(0, 0 [pid 5849] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5014] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] <... setpgid resumed>) = 0 [pid 5849] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] newfstatat(AT_FDCWD, "./135/binderfs", [pid 5853] <... openat resumed>) = 3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5853] write(3, "1000", 4 [pid 5014] unlink("./135/binderfs" [pid 5853] <... write resumed>) = 4 [pid 5014] <... unlink resumed>) = 0 [pid 5853] close(3 [pid 5014] getdents64(3, [pid 5853] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5014] close(3 [pid 5853] <... symlink resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5014] rmdir("./135" [pid 5853] <... memfd_create resumed>) = 3 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5014] <... rmdir resumed>) = 0 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] munmap(0x7f3634699000, 1048576 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5016] <... umount2 resumed>) = 0 [pid 5014] mkdir("./136", 0777 [pid 5853] <... mmap resumed>) = 0x7f3634699000 [pid 5852] <... munmap resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5016] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5852] <... openat resumed>) = 4 [pid 5851] close(3 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... openat resumed>) = 3 [ 162.606432][ T5851] loop4: detected capacity change from 0 to 2048 [pid 5852] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... close resumed>) = 0 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5851] mkdir("\x2e\x02", 0777 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5851] <... mkdir resumed>) = 0 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5016] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(3 [pid 5851] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... close resumed>) = 0 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5849] memfd_create("syzkaller", 0 [pid 5016] <... openat resumed>) = 4 [pid 5853] <... write resumed>) = 1048576 [pid 5849] <... memfd_create resumed>) = 6 [pid 5016] newfstatat(4, "", [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5854 [pid 5853] munmap(0x7f3634699000, 1048576 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5853] <... munmap resumed>) = 0 [pid 5016] getdents64(4, ./strace-static-x86_64: Process 5854 attached [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] exit_group(0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5854] set_robust_list(0x555557506760, 24 [pid 5853] <... openat resumed>) = 4 [pid 5849] <... exit_group resumed>) = ? [pid 5016] getdents64(4, [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5854] chdir("./136") = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5849] +++ exited with 0 +++ [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] close(3 [pid 5016] close(4 [pid 5854] <... prctl resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5016] <... close resumed>) = 0 [pid 5854] setpgid(0, 0 [pid 5852] mkdir("\x2e\x02", 0777 [pid 5854] <... setpgid resumed>) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5854] <... openat resumed>) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [ 162.650322][ T5852] loop3: detected capacity change from 0 to 2048 [ 162.666472][ T5851] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 162.674332][ T5851] UDF-fs: Scanning with blocksize 512 failed [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5854] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... restart_syscall resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02" [pid 5854] <... symlink resumed>) = 0 [pid 5854] memfd_create("syzkaller", 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5854] <... memfd_create resumed>) = 3 [pid 5019] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(3, [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5853] <... ioctl resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5854] <... mmap resumed>) = 0x7f3634699000 [pid 5853] close(3 [pid 5019] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] close(3 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5853] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... close resumed>) = 0 [pid 5853] mkdir("\x2e\x02", 0777 [pid 5019] newfstatat(3, "", [pid 5016] rmdir("./134" [pid 5853] <... mkdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, [pid 5016] <... rmdir resumed>) = 0 [pid 5853] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5851] <... mount resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] mkdir("./135", 0777 [pid 5019] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... mkdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5019] unlink("./138/binderfs" [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5854] <... write resumed>) = 1048576 [ 162.693998][ T5853] loop1: detected capacity change from 0 to 2048 [ 162.707260][ T5852] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 162.719949][ T5851] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.733446][ T5852] UDF-fs: Scanning with blocksize 512 failed [pid 5854] munmap(0x7f3634699000, 1048576) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5851] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3 [pid 5851] <... openat resumed>) = 3 [pid 5019] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(3 [pid 5851] chdir("\x2e\x02" [pid 5016] <... close resumed>) = 0 [pid 5854] <... ioctl resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5854] close(3) = 0 [pid 5854] mkdir("\x2e\x02", 0777) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5855 [pid 5854] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5019] <... umount2 resumed>) = 0 [pid 5852] <... mount resumed>) = 0 [pid 5851] <... chdir resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5852] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... openat resumed>) = 3 [pid 5851] ioctl(4, LOOP_CLR_FD [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5852] chdir("\x2e\x02" [pid 5851] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x555557506760, 24) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5852] <... chdir resumed>) = 0 [pid 5851] close(4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5855] chdir("./135" [pid 5852] ioctl(4, LOOP_CLR_FD [pid 5851] <... close resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5855] <... chdir resumed>) = 0 [pid 5852] <... ioctl resumed>) = 0 [pid 5851] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... openat resumed>) = 4 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] close(4 [pid 5851] <... open resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5855] <... prctl resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 162.744792][ T5853] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 162.753134][ T5853] UDF-fs: Scanning with blocksize 512 failed [ 162.757030][ T5854] loop0: detected capacity change from 0 to 2048 [ 162.762578][ T5852] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 162.789379][ T5853] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5855] setpgid(0, 0 [pid 5852] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5851] <... mount resumed>) = 0 [pid 5019] getdents64(4, [pid 5855] <... setpgid resumed>) = 0 [pid 5851] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... open resumed>) = 4 [pid 5851] <... open resumed>) = 5 [pid 5019] getdents64(4, [pid 5855] <... openat resumed>) = 3 [pid 5852] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5851] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5855] write(3, "1000", 4 [pid 5852] <... mount resumed>) = 0 [pid 5851] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] close(4 [pid 5855] <... write resumed>) = 4 [pid 5853] <... mount resumed>) = 0 [pid 5852] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5851] ftruncate(-1, 2 [pid 5019] <... close resumed>) = 0 [pid 5855] close(3 [pid 5853] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5852] <... open resumed>) = 5 [pid 5851] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02" [pid 5855] <... close resumed>) = 0 [pid 5853] <... openat resumed>) = 3 [pid 5852] openat(AT_FDCWD, NULL, O_RDWR [pid 5851] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5853] chdir("\x2e\x02" [pid 5852] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5855] <... symlink resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5852] ftruncate(-1, 2 [pid 5851] <... mmap resumed>) = 0x20000000 [pid 5019] getdents64(3, [pid 5855] memfd_create("syzkaller", 0 [pid 5853] ioctl(4, LOOP_CLR_FD [pid 5852] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5851] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5853] <... ioctl resumed>) = 0 [pid 5852] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5851] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] close(3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5853] close(4 [pid 5855] <... mmap resumed>) = 0x7f3634699000 [pid 5853] <... close resumed>) = 0 [pid 5852] <... mmap resumed>) = 0x20000000 [pid 5019] <... close resumed>) = 0 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5853] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5852] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5851] memfd_create("syzkaller", 0 [pid 5019] rmdir("./138" [pid 5855] <... write resumed>) = 1048576 [pid 5853] <... open resumed>) = 4 [ 162.821859][ T5854] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5852] <... open resumed>) = -1 EFAULT (Bad address) [pid 5851] <... memfd_create resumed>) = 6 [pid 5019] <... rmdir resumed>) = 0 [pid 5853] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] mkdir("./139", 0777 [pid 5853] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5852] <... memfd_create resumed>) = 6 [pid 5851] <... mmap resumed>) = 0x7f362c399000 [pid 5853] <... open resumed>) = 5 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5853] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5853] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5853] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5852] <... mmap resumed>) = 0x7f362c399000 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5853] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5853] memfd_create("syzkaller", 0) = 6 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5019] <... openat resumed>) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5856 [pid 5855] munmap(0x7f3634699000, 1048576./strace-static-x86_64: Process 5856 attached ) = 0 [pid 5856] set_robust_list(0x555557506760, 24) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5856] chdir("./139" [pid 5855] <... openat resumed>) = 4 [pid 5856] <... chdir resumed>) = 0 [ 162.870762][ T5854] UDF-fs: Scanning with blocksize 512 failed [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5853] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5852] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5851] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5855] <... ioctl resumed>) = 0 [pid 5855] close(3) = 0 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5855] mkdir("\x2e\x02", 0777) = 0 [ 162.922457][ T5855] loop2: detected capacity change from 0 to 2048 [pid 5855] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5852] <... write resumed>) = 2097152 [pid 5856] <... write resumed>) = 1048576 [pid 5856] munmap(0x7f3634699000, 1048576) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] mkdir("\x2e\x02", 0777) = 0 [ 162.979749][ T5855] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 163.016464][ T5856] loop5: detected capacity change from 0 to 2048 [pid 5852] munmap(0x7f362c399000, 2097152 [pid 5851] <... write resumed>) = 2097152 [pid 5856] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5851] munmap(0x7f362c399000, 2097152 [pid 5852] <... munmap resumed>) = 0 [pid 5851] <... munmap resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5851] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5852] <... openat resumed>) = 7 [pid 5851] <... openat resumed>) = 7 [pid 5852] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5851] ioctl(7, LOOP_SET_FD, 6 [pid 5855] <... mount resumed>) = 0 [pid 5852] ioctl(7, LOOP_CLR_FD [pid 5851] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5852] <... ioctl resumed>) = 0 [pid 5851] ioctl(7, LOOP_CLR_FD [pid 5855] <... openat resumed>) = 3 [pid 5851] <... ioctl resumed>) = 0 [ 163.028283][ T5855] UDF-fs: Scanning with blocksize 512 failed [ 163.039190][ T5856] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 163.051274][ T5855] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.054596][ T5854] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 163.068839][ T5856] UDF-fs: Scanning with blocksize 512 failed [pid 5855] chdir("\x2e\x02" [pid 5853] <... write resumed>) = 2097152 [pid 5853] munmap(0x7f362c399000, 2097152) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5852] ioctl(7, LOOP_SET_FD, 6 [pid 5855] ioctl(4, LOOP_CLR_FD [pid 5852] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] <... ioctl resumed>) = 0 [pid 5856] <... mount resumed>) = 0 [pid 5852] close(7 [pid 5855] close(4 [pid 5853] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5853] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5853] ioctl(7, LOOP_CLR_FD) = 0 [pid 5856] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5855] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] ioctl(7, LOOP_SET_FD, 6 [pid 5856] <... openat resumed>) = 3 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5852] close(6 [pid 5851] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5856] chdir("\x2e\x02" [pid 5853] ioctl(7, LOOP_SET_FD, 6 [pid 5856] <... chdir resumed>) = 0 [pid 5853] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5856] ioctl(4, LOOP_CLR_FD [pid 5853] close(7 [pid 5856] <... ioctl resumed>) = 0 [pid 5853] <... close resumed>) = 0 [pid 5856] close(4 [pid 5853] close(6 [pid 5851] close(7 [pid 5856] <... close resumed>) = 0 [pid 5855] <... open resumed>) = 4 [pid 5853] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5851] <... close resumed>) = 0 [pid 5856] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5855] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5851] close(6 [pid 5855] <... mount resumed>) = 0 [pid 5856] <... open resumed>) = 4 [pid 5855] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5856] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5855] <... open resumed>) = 5 [pid 5855] openat(AT_FDCWD, NULL, O_RDWR [pid 5856] <... mount resumed>) = 0 [pid 5855] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5856] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5855] ftruncate(-1, 2 [pid 5852] exit_group(0 [pid 5851] <... close resumed>) = 0 [pid 5855] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5852] <... exit_group resumed>) = ? [pid 5855] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5856] <... open resumed>) = 5 [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5855] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5856] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5856] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5856] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5856] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5855] memfd_create("syzkaller", 0 [pid 5856] memfd_create("syzkaller", 0 [pid 5855] <... memfd_create resumed>) = 6 [pid 5852] +++ exited with 0 +++ [pid 5851] exit_group(0 [pid 5856] <... memfd_create resumed>) = 6 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5851] <... exit_group resumed>) = ? [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5855] <... mmap resumed>) = 0x7f362c399000 [pid 5856] <... mmap resumed>) = 0x7f362c399000 [pid 5853] exit_group(0) = ? [pid 5017] umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [ 163.079878][ T5856] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.090675][ T5854] UDF-fs: Scanning with blocksize 1024 failed [ 163.117531][ T5854] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5017] <... openat resumed>) = 3 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] getdents64(3, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(3, "", [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] getdents64(3, [pid 5015] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5015] newfstatat(3, "", [pid 5018] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] unlink("./134/binderfs" [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] getdents64(3, [pid 5018] unlink("./137/binderfs" [pid 5017] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... unlink resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./136/binderfs") = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", [pid 5856] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", [pid 5018] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [ 163.168833][ T5854] UDF-fs: Scanning with blocksize 2048 failed [pid 5017] getdents64(4, [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", [pid 5855] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] close(4 [pid 5015] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] rmdir("\x2e\x2f\x31\x33\x34\x2f\x2e\x02" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... rmdir resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", [pid 5018] newfstatat(4, "", [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] rmdir("./134" [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] getdents64(4, [pid 5017] <... rmdir resumed>) = 0 [pid 5017] mkdir("./135", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x37\x2f\x2e\x02" [pid 5015] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5018] rmdir("./137" [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... rmdir resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] mkdir("./138", 0777 [pid 5015] <... openat resumed>) = 4 [pid 5856] <... write resumed>) = 2097152 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5857 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5015] getdents64(4, ./strace-static-x86_64: Process 5857 attached [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5857] set_robust_list(0x555557506760, 24 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] getdents64(4, [pid 5857] <... set_robust_list resumed>) = 0 [pid 5018] close(3 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5857] chdir("./135" [pid 5018] <... close resumed>) = 0 [pid 5015] close(4 [pid 5857] <... chdir resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... close resumed>) = 0 [ 163.211848][ T5854] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5015] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] <... rmdir resumed>) = 0 [pid 5857] <... prctl resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5858 [pid 5015] getdents64(3, [pid 5857] setpgid(0, 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5857] <... setpgid resumed>) = 0 [pid 5015] close(3 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... close resumed>) = 0 ./strace-static-x86_64: Process 5858 attached [pid 5857] <... openat resumed>) = 3 [pid 5015] rmdir("./136" [pid 5858] set_robust_list(0x555557506760, 24 [pid 5857] write(3, "1000", 4 [pid 5015] <... rmdir resumed>) = 0 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] <... write resumed>) = 4 [pid 5015] mkdir("./137", 0777 [pid 5858] chdir("./138" [pid 5857] close(3 [pid 5015] <... mkdir resumed>) = 0 [pid 5858] <... chdir resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5857] symlink("/dev/binderfs", "./binderfs" [pid 5015] <... openat resumed>) = 3 [pid 5858] <... prctl resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5858] setpgid(0, 0 [pid 5857] <... symlink resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5858] <... setpgid resumed>) = 0 [pid 5015] close(3 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5857] memfd_create("syzkaller", 0 [pid 5015] <... close resumed>) = 0 [pid 5858] <... openat resumed>) = 3 [pid 5857] <... memfd_create resumed>) = 3 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] write(3, "1000", 4 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... write resumed>) = 4 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5859 [pid 5858] close(3 [pid 5857] <... mmap resumed>) = 0x7f3634699000 [pid 5858] <... close resumed>) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] munmap(0x7f362c399000, 2097152 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5854] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5856] <... munmap resumed>) = 0 [pid 5854] ioctl(4, LOOP_CLR_FD [pid 5858] <... mmap resumed>) = 0x7f3634699000 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5854] <... ioctl resumed>) = 0 [pid 5854] close(4) = 0 ./strace-static-x86_64: Process 5859 attached [pid 5854] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5859] set_robust_list(0x555557506760, 24 [pid 5854] <... open resumed>) = 3 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5854] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5859] chdir("./137" [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5854] <... mount resumed>) = 0 [pid 5859] <... chdir resumed>) = 0 [pid 5854] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5856] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5854] <... open resumed>) = 4 [pid 5859] <... prctl resumed>) = 0 [pid 5856] <... openat resumed>) = 7 [pid 5854] openat(AT_FDCWD, NULL, O_RDWR [pid 5859] setpgid(0, 0 [pid 5856] ioctl(7, LOOP_SET_FD, 6 [pid 5854] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5859] <... setpgid resumed>) = 0 [pid 5857] <... write resumed>) = 1048576 [pid 5856] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5854] ftruncate(-1, 2 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5856] ioctl(7, LOOP_CLR_FD [pid 5854] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5859] <... openat resumed>) = 3 [pid 5856] <... ioctl resumed>) = 0 [pid 5854] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5859] write(3, "1000", 4 [pid 5854] <... mmap resumed>) = 0x20000000 [pid 5859] <... write resumed>) = 4 [pid 5854] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5859] close(3 [pid 5854] <... open resumed>) = -1 EFAULT (Bad address) [pid 5859] <... close resumed>) = 0 [pid 5856] ioctl(7, LOOP_SET_FD, 6 [pid 5855] <... write resumed>) = 2097152 [pid 5854] memfd_create("syzkaller", 0 [pid 5859] symlink("/dev/binderfs", "./binderfs" [pid 5856] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] munmap(0x7f362c399000, 2097152 [pid 5854] <... memfd_create resumed>) = 5 [pid 5859] <... symlink resumed>) = 0 [ 163.252223][ T5854] UDF-fs: Scanning with blocksize 4096 failed [pid 5856] close(7 [pid 5859] memfd_create("syzkaller", 0 [pid 5856] <... close resumed>) = 0 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... memfd_create resumed>) = 3 [pid 5856] close(6 [pid 5854] <... mmap resumed>) = 0x7f362c399000 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] munmap(0x7f3634699000, 1048576 [pid 5856] <... close resumed>) = 0 [pid 5855] <... munmap resumed>) = 0 [pid 5859] <... mmap resumed>) = 0x7f3634699000 [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5857] <... munmap resumed>) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] <... openat resumed>) = 7 [pid 5857] <... openat resumed>) = 4 [pid 5855] ioctl(7, LOOP_SET_FD, 6 [pid 5858] <... write resumed>) = 1048576 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] munmap(0x7f3634699000, 1048576 [pid 5856] exit_group(0) = ? [pid 5858] <... munmap resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5856] +++ exited with 0 +++ [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5855] ioctl(7, LOOP_CLR_FD [pid 5857] <... ioctl resumed>) = 0 [pid 5855] <... ioctl resumed>) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5859] <... write resumed>) = 1048576 [pid 5857] close(3 [pid 5019] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5858] <... ioctl resumed>) = 0 [pid 5858] close(3) = 0 [pid 5858] mkdir("\x2e\x02", 0777 [pid 5855] ioctl(7, LOOP_SET_FD, 6 [pid 5857] mkdir("\x2e\x02", 0777 [pid 5855] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5858] <... mkdir resumed>) = 0 [pid 5857] <... mkdir resumed>) = 0 [pid 5855] close(7 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5857] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5855] <... close resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5858] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5855] close(6 [pid 5019] <... openat resumed>) = 3 [pid 5855] <... close resumed>) = 0 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5859] munmap(0x7f3634699000, 1048576) = 0 [ 163.348811][ T5857] loop3: detected capacity change from 0 to 2048 [ 163.354063][ T5858] loop4: detected capacity change from 0 to 2048 [ 163.388213][ T5857] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5019] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5859] <... openat resumed>) = 4 [pid 5019] unlink("./139/binderfs" [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] exit_group(0 [pid 5019] <... unlink resumed>) = 0 [pid 5855] <... exit_group resumed>) = ? [pid 5019] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5855] +++ exited with 0 +++ [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5016] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5016] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5854] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5859] close(3) = 0 [pid 5859] mkdir("\x2e\x02", 0777) = 0 [pid 5859] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5016] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./135/binderfs") = 0 [ 163.390158][ T5858] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 163.406343][ T5859] loop1: detected capacity change from 0 to 2048 [ 163.408136][ T5857] UDF-fs: Scanning with blocksize 512 failed [ 163.420832][ T5858] UDF-fs: Scanning with blocksize 512 failed [pid 5016] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... openat resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] getdents64(4, [pid 5016] <... openat resumed>) = 4 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] newfstatat(4, "", [pid 5019] getdents64(4, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5857] <... mount resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] getdents64(4, [pid 5857] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] close(4 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5857] <... openat resumed>) = 3 [pid 5019] <... close resumed>) = 0 [pid 5016] getdents64(4, [pid 5019] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02") = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5857] chdir("\x2e\x02" [pid 5016] close(4 [pid 5857] <... chdir resumed>) = 0 [pid 5019] getdents64(3, [pid 5857] ioctl(4, LOOP_CLR_FD [pid 5016] <... close resumed>) = 0 [pid 5857] <... ioctl resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x33\x35\x2f\x2e\x02" [pid 5857] close(4 [pid 5019] close(3 [pid 5016] <... rmdir resumed>) = 0 [pid 5857] <... close resumed>) = 0 [pid 5857] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./139" [pid 5857] <... open resumed>) = 4 [pid 5016] getdents64(3, [pid 5857] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3 [pid 5019] mkdir("./140", 0777 [pid 5857] <... mount resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5857] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] rmdir("./135" [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5857] <... open resumed>) = 5 [pid 5016] <... rmdir resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] mkdir("./136", 0777 [pid 5857] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] <... mkdir resumed>) = 0 [pid 5857] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5854] <... write resumed>) = 2097152 [pid 5857] ftruncate(-1, 2 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5857] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] munmap(0x7f362c399000, 2097152 [pid 5857] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] close(3 [pid 5857] <... mmap resumed>) = 0x20000000 [pid 5019] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... openat resumed>) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5857] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] close(3 [pid 5857] <... open resumed>) = -1 EFAULT (Bad address) [pid 5016] <... close resumed>) = 0 [pid 5857] memfd_create("syzkaller", 0 [pid 5854] <... munmap resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5860 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5857] <... memfd_create resumed>) = 6 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5861 [ 163.448755][ T5859] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 163.471156][ T5857] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.473709][ T5858] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 163.491256][ T5859] UDF-fs: Scanning with blocksize 512 failed [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5854] <... openat resumed>) = 6 [pid 5854] ioctl(6, LOOP_SET_FD, 5 [pid 5857] <... mmap resumed>) = 0x7f362c399000 [pid 5854] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5854] ioctl(6, LOOP_CLR_FD./strace-static-x86_64: Process 5861 attached ) = 0 [pid 5861] set_robust_list(0x555557506760, 24) = 0 [pid 5861] chdir("./136") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0 [pid 5854] ioctl(6, LOOP_SET_FD, 5 [pid 5861] <... setpgid resumed>) = 0 [pid 5854] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5858] <... mount resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5854] close(6./strace-static-x86_64: Process 5860 attached [pid 5861] <... openat resumed>) = 3 [pid 5858] <... openat resumed>) = 3 [pid 5854] <... close resumed>) = 0 [pid 5861] write(3, "1000", 4 [pid 5858] chdir("\x2e\x02" [pid 5854] close(5 [pid 5861] <... write resumed>) = 4 [pid 5860] set_robust_list(0x555557506760, 24 [pid 5858] <... chdir resumed>) = 0 [pid 5861] close(3) = 0 [pid 5858] ioctl(4, LOOP_CLR_FD [pid 5861] symlink("/dev/binderfs", "./binderfs" [pid 5860] <... set_robust_list resumed>) = 0 [pid 5858] <... ioctl resumed>) = 0 [pid 5861] <... symlink resumed>) = 0 [pid 5858] close(4 [pid 5861] memfd_create("syzkaller", 0 [pid 5860] chdir("./140" [pid 5858] <... close resumed>) = 0 [pid 5861] <... memfd_create resumed>) = 3 [pid 5860] <... chdir resumed>) = 0 [pid 5858] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5858] <... open resumed>) = 4 [pid 5861] <... mmap resumed>) = 0x7f3634699000 [pid 5860] <... prctl resumed>) = 0 [pid 5858] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5860] setpgid(0, 0 [pid 5858] <... mount resumed>) = 0 [pid 5860] <... setpgid resumed>) = 0 [pid 5858] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] <... open resumed>) = 5 [pid 5858] openat(AT_FDCWD, NULL, O_RDWR [pid 5860] <... openat resumed>) = 3 [pid 5858] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5854] <... close resumed>) = 0 [pid 5860] write(3, "1000", 4 [pid 5859] <... mount resumed>) = 0 [pid 5858] ftruncate(-1, 2 [pid 5859] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5858] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5854] exit_group(0 [pid 5861] <... write resumed>) = 1048576 [pid 5860] <... write resumed>) = 4 [pid 5859] <... openat resumed>) = 3 [pid 5858] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5857] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5854] <... exit_group resumed>) = ? [pid 5860] close(3 [pid 5859] chdir("\x2e\x02" [pid 5858] <... mmap resumed>) = 0x20000000 [pid 5854] +++ exited with 0 +++ [pid 5860] <... close resumed>) = 0 [pid 5859] <... chdir resumed>) = 0 [pid 5858] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 163.528324][ T5859] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5860] symlink("/dev/binderfs", "./binderfs" [pid 5859] ioctl(4, LOOP_CLR_FD [pid 5858] <... open resumed>) = -1 EFAULT (Bad address) [pid 5860] <... symlink resumed>) = 0 [pid 5859] <... ioctl resumed>) = 0 [pid 5858] memfd_create("syzkaller", 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5859] close(4 [pid 5858] <... memfd_create resumed>) = 6 [pid 5859] <... close resumed>) = 0 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5858] <... mmap resumed>) = 0x7f362c399000 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] <... open resumed>) = 4 [pid 5014] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5859] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5860] <... memfd_create resumed>) = 3 [pid 5859] <... mount resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5859] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... open resumed>) = 5 [pid 5014] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5861] munmap(0x7f3634699000, 1048576 [pid 5860] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... openat resumed>) = 3 [pid 5859] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5859] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5859] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5859] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5859] memfd_create("syzkaller", 0) = 6 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5014] umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... munmap resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... umount2 resumed>) = 0 [pid 5861] <... ioctl resumed>) = 0 [pid 5860] <... write resumed>) = 1048576 [pid 5014] umount2("./136/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5860] munmap(0x7f3634699000, 1048576 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./136/bus", [pid 5860] <... munmap resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./136/bus" [pid 5860] <... openat resumed>) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... unlink resumed>) = 0 [pid 5014] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] close(3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./136/binderfs", [pid 5861] <... close resumed>) = 0 [pid 5861] mkdir("\x2e\x02", 0777 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./136/binderfs") = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... mkdir resumed>) = 0 [pid 5861] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5858] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", [pid 5857] <... write resumed>) = 2097152 [ 163.626778][ T5861] loop2: detected capacity change from 0 to 2048 [ 163.643017][ T5860] loop5: detected capacity change from 0 to 2048 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5857] munmap(0x7f362c399000, 2097152 [pid 5014] getdents64(4, [pid 5857] <... munmap resumed>) = 0 [pid 5860] close(3 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5860] <... close resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] getdents64(4, [pid 5860] mkdir("\x2e\x02", 0777 [pid 5857] <... openat resumed>) = 7 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5860] <... mkdir resumed>) = 0 [pid 5860] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5857] ioctl(7, LOOP_SET_FD, 6 [pid 5014] close(4) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5857] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5857] ioctl(7, LOOP_CLR_FD [pid 5014] <... rmdir resumed>) = 0 [pid 5857] <... ioctl resumed>) = 0 [pid 5014] getdents64(3, [pid 5859] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3 [pid 5857] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... close resumed>) = 0 [pid 5857] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] rmdir("./136" [pid 5857] close(7) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5857] close(6 [pid 5014] mkdir("./137", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [ 163.686077][ T5861] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 163.693767][ T5861] UDF-fs: Scanning with blocksize 512 failed [ 163.715639][ T5860] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5014] close(3 [pid 5858] <... write resumed>) = 2097152 [pid 5857] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5858] munmap(0x7f362c399000, 2097152 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5862 ./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x555557506760, 24) = 0 [pid 5862] chdir("./137") = 0 [pid 5857] exit_group(0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5857] <... exit_group resumed>) = ? [pid 5862] <... prctl resumed>) = 0 [pid 5858] <... munmap resumed>) = 0 [pid 5862] setpgid(0, 0 [pid 5858] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5862] <... setpgid resumed>) = 0 [pid 5858] <... openat resumed>) = 7 [pid 5857] +++ exited with 0 +++ [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] ioctl(7, LOOP_SET_FD, 6 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5862] <... openat resumed>) = 3 [pid 5858] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] write(3, "1000", 4 [pid 5858] ioctl(7, LOOP_CLR_FD [pid 5862] <... write resumed>) = 4 [pid 5858] <... ioctl resumed>) = 0 [ 163.781528][ T5860] UDF-fs: Scanning with blocksize 512 failed [ 163.787944][ T5861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] close(3 [pid 5859] <... write resumed>) = 2097152 [pid 5862] <... close resumed>) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] memfd_create("syzkaller", 0 [pid 5858] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] <... memfd_create resumed>) = 3 [pid 5859] munmap(0x7f362c399000, 2097152 [pid 5858] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5859] <... munmap resumed>) = 0 [pid 5858] close(7 [pid 5017] newfstatat(3, "", [pid 5862] <... mmap resumed>) = 0x7f3634699000 [pid 5858] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5858] close(6 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5858] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./135/binderfs" [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] <... unlink resumed>) = 0 [pid 5859] <... openat resumed>) = 7 [pid 5017] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... mount resumed>) = 0 [pid 5859] ioctl(7, LOOP_SET_FD, 6 [pid 5861] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5859] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] <... openat resumed>) = 3 [ 163.822122][ T5860] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5859] ioctl(7, LOOP_CLR_FD [pid 5861] chdir("\x2e\x02" [pid 5859] <... ioctl resumed>) = 0 [pid 5858] exit_group(0 [pid 5861] <... chdir resumed>) = 0 [pid 5858] <... exit_group resumed>) = ? [pid 5861] ioctl(4, LOOP_CLR_FD [pid 5858] +++ exited with 0 +++ [pid 5860] <... mount resumed>) = 0 [pid 5861] <... ioctl resumed>) = 0 [pid 5859] ioctl(7, LOOP_SET_FD, 6 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5017] <... umount2 resumed>) = 0 [pid 5862] <... write resumed>) = 1048576 [pid 5861] close(4 [pid 5860] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5859] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... close resumed>) = 0 [pid 5860] <... openat resumed>) = 3 [pid 5859] close(7 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5861] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5860] chdir("\x2e\x02" [pid 5859] <... close resumed>) = 0 [pid 5018] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", [pid 5861] <... open resumed>) = 4 [pid 5860] <... chdir resumed>) = 0 [pid 5859] close(6 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5861] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5860] ioctl(4, LOOP_CLR_FD [pid 5018] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x33\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5861] <... mount resumed>) = 0 [pid 5860] <... ioctl resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5861] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5860] close(4 [pid 5859] <... close resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] munmap(0x7f3634699000, 1048576 [pid 5861] <... open resumed>) = 5 [pid 5860] <... close resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5861] openat(AT_FDCWD, NULL, O_RDWR [pid 5860] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] getdents64(3, [pid 5017] newfstatat(4, "", [pid 5862] <... munmap resumed>) = 0 [pid 5861] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5861] ftruncate(-1, 2 [pid 5859] exit_group(0 [pid 5018] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, [pid 5862] <... openat resumed>) = 4 [pid 5861] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5860] <... open resumed>) = 4 [pid 5859] <... exit_group resumed>) = ? [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5861] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5860] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(4, [pid 5862] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] <... mmap resumed>) = 0x20000000 [pid 5860] <... mount resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5862] ioctl(4, LOOP_CLR_FD [pid 5861] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5860] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5859] +++ exited with 0 +++ [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] close(4 [pid 5862] <... ioctl resumed>) = 0 [pid 5861] <... open resumed>) = -1 EFAULT (Bad address) [pid 5860] <... open resumed>) = 5 [pid 5018] unlink("./138/binderfs" [pid 5017] <... close resumed>) = 0 [pid 5861] memfd_create("syzkaller", 0 [pid 5860] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... unlink resumed>) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x33\x35\x2f\x2e\x02" [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5861] <... memfd_create resumed>) = 6 [pid 5860] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5015] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5860] ftruncate(-1, 2 [pid 5017] getdents64(3, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] <... mmap resumed>) = 0x7f362c399000 [pid 5860] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5862] close(4 [pid 5860] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] close(3 [pid 5015] <... openat resumed>) = 3 [pid 5862] <... close resumed>) = 0 [pid 5860] <... mmap resumed>) = 0x20000000 [pid 5017] <... close resumed>) = 0 [pid 5015] newfstatat(3, "", [pid 5862] close(3 [pid 5860] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] rmdir("./135" [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5862] <... close resumed>) = 0 [pid 5860] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... rmdir resumed>) = 0 [pid 5015] getdents64(3, [pid 5862] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] mkdir("./136", 0777 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5862] <... open resumed>) = 3 [pid 5860] memfd_create("syzkaller", 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5015] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5860] <... memfd_create resumed>) = 6 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5862] <... mount resumed>) = 0 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... openat resumed>) = 3 [pid 5015] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5862] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5860] <... mmap resumed>) = 0x7f362c399000 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5862] <... open resumed>) = 4 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] unlink("./137/binderfs" [pid 5862] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] close(3 [pid 5015] <... unlink resumed>) = 0 [pid 5862] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... close resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] ftruncate(-1, 2 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5862] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5862] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5863 [pid 5862] <... mmap resumed>) = 0x20000000 [pid 5862] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5862] memfd_create("syzkaller", 0) = 5 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5018] <... umount2 resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5863 attached [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5015] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5863] set_robust_list(0x555557506760, 24 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5863] <... set_robust_list resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", [pid 5863] chdir("./136" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] <... chdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] <... openat resumed>) = 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5863] <... prctl resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5863] setpgid(0, 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5863] <... setpgid resumed>) = 0 [pid 5018] getdents64(4, [pid 5015] newfstatat(4, "", [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5863] <... openat resumed>) = 3 [pid 5018] getdents64(4, [pid 5015] getdents64(4, [pid 5863] write(3, "1000", 4 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5863] <... write resumed>) = 4 [pid 5018] close(4 [pid 5015] getdents64(4, [pid 5863] close(3 [pid 5018] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5863] <... close resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02" [pid 5015] close(4 [pid 5863] symlink("/dev/binderfs", "./binderfs" [pid 5015] <... close resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x33\x37\x2f\x2e\x02" [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5863] <... symlink resumed>) = 0 [pid 5018] getdents64(3, [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5863] memfd_create("syzkaller", 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3 [pid 5863] <... memfd_create resumed>) = 3 [pid 5861] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5860] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] close(3 [pid 5015] <... close resumed>) = 0 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] rmdir("./137") = 0 [pid 5015] mkdir("./138", 0777) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5863] <... mmap resumed>) = 0x7f3634699000 [pid 5018] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5864 ./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x555557506760, 24) = 0 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] rmdir("./138" [pid 5864] chdir("./138") = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] mkdir("./139", 0777 [pid 5864] <... prctl resumed>) = 0 [pid 5864] setpgid(0, 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5864] <... setpgid resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5864] <... openat resumed>) = 3 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5864] write(3, "1000", 4 [pid 5018] close(3 [pid 5864] <... write resumed>) = 4 [pid 5018] <... close resumed>) = 0 [pid 5864] close(3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5864] <... close resumed>) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5862] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5865 [pid 5864] <... memfd_create resumed>) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 ./strace-static-x86_64: Process 5865 attached [pid 5863] <... write resumed>) = 1048576 [pid 5865] set_robust_list(0x555557506760, 24) = 0 [pid 5863] munmap(0x7f3634699000, 1048576 [pid 5865] chdir("./139") = 0 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5861] <... write resumed>) = 2097152 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5863] <... munmap resumed>) = 0 [pid 5860] <... write resumed>) = 2097152 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5863] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5860] munmap(0x7f362c399000, 2097152 [pid 5865] <... openat resumed>) = 3 [pid 5863] <... openat resumed>) = 4 [pid 5861] munmap(0x7f362c399000, 2097152 [pid 5865] write(3, "1000", 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3 [pid 5860] <... munmap resumed>) = 0 [pid 5865] <... write resumed>) = 4 [pid 5861] <... munmap resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5865] close(3 [pid 5860] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5865] <... close resumed>) = 0 [pid 5860] <... openat resumed>) = 7 [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5861] <... openat resumed>) = 7 [pid 5860] ioctl(7, LOOP_SET_FD, 6 [pid 5865] <... symlink resumed>) = 0 [pid 5863] <... ioctl resumed>) = 0 [pid 5861] ioctl(7, LOOP_SET_FD, 6 [pid 5860] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] memfd_create("syzkaller", 0 [pid 5863] close(3 [pid 5861] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] ioctl(7, LOOP_CLR_FD [pid 5865] <... memfd_create resumed>) = 3 [pid 5864] <... write resumed>) = 1048576 [pid 5863] <... close resumed>) = 0 [pid 5861] ioctl(7, LOOP_CLR_FD [pid 5860] <... ioctl resumed>) = 0 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5863] mkdir("\x2e\x02", 0777 [pid 5862] <... write resumed>) = 2097152 [pid 5861] <... ioctl resumed>) = 0 [pid 5864] munmap(0x7f3634699000, 1048576 [pid 5865] <... mmap resumed>) = 0x7f3634699000 [pid 5863] <... mkdir resumed>) = 0 [pid 5862] munmap(0x7f362c399000, 2097152 [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5864] <... munmap resumed>) = 0 [pid 5863] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5864] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5860] ioctl(7, LOOP_SET_FD, 6 [ 164.204227][ T5863] loop3: detected capacity change from 0 to 2048 [pid 5864] ioctl(4, LOOP_SET_FD, 3 [pid 5861] ioctl(7, LOOP_SET_FD, 6 [pid 5860] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5861] close(7 [pid 5864] <... ioctl resumed>) = 0 [pid 5861] <... close resumed>) = 0 [pid 5864] close(3 [pid 5861] close(6 [pid 5864] <... close resumed>) = 0 [pid 5861] <... close resumed>) = 0 [pid 5864] mkdir("\x2e\x02", 0777) = 0 [pid 5864] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5861] exit_group(0) = ? [pid 5860] close(7 [pid 5861] +++ exited with 0 +++ [pid 5860] <... close resumed>) = 0 [pid 5865] <... write resumed>) = 1048576 [pid 5860] close(6 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5865] munmap(0x7f3634699000, 1048576 [pid 5862] <... munmap resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5860] <... close resumed>) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5865] <... munmap resumed>) = 0 [pid 5016] <... restart_syscall resumed>) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5862] ioctl(6, LOOP_SET_FD, 5 [pid 5865] <... openat resumed>) = 4 [pid 5862] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 164.250182][ T5864] loop1: detected capacity change from 0 to 2048 [ 164.250196][ T5863] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 164.250212][ T5863] UDF-fs: Scanning with blocksize 512 failed [ 164.253117][ T5863] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.285876][ T5864] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5860] exit_group(0 [pid 5865] ioctl(4, LOOP_SET_FD, 3 [pid 5862] ioctl(6, LOOP_CLR_FD [pid 5860] <... exit_group resumed>) = ? [pid 5016] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5862] <... ioctl resumed>) = 0 [pid 5862] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 5862] close(6) = 0 [pid 5862] close(5 [pid 5865] <... ioctl resumed>) = 0 [pid 5860] +++ exited with 0 +++ [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5016] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] close(3 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5016] <... openat resumed>) = 3 [pid 5865] <... close resumed>) = 0 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5865] mkdir("\x2e\x02", 0777 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5865] <... mkdir resumed>) = 0 [pid 5863] <... mount resumed>) = 0 [pid 5016] getdents64(3, [pid 5865] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5863] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5863] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 164.321845][ T5864] UDF-fs: Scanning with blocksize 512 failed [ 164.336052][ T5865] loop4: detected capacity change from 0 to 2048 [pid 5863] chdir("\x2e\x02" [pid 5019] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] <... chdir resumed>) = 0 [pid 5862] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] unlink("./136/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5863] ioctl(4, LOOP_CLR_FD [pid 5019] newfstatat(3, "", [pid 5862] exit_group(0) = ? [pid 5863] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5864] <... mount resumed>) = 0 [pid 5863] close(4 [pid 5016] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5862] +++ exited with 0 +++ [pid 5864] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] getdents64(3, [pid 5863] <... close resumed>) = 0 [pid 5016] newfstatat(4, "", [pid 5864] <... openat resumed>) = 3 [pid 5863] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5865] <... mount resumed>) = 0 [pid 5864] chdir("\x2e\x02" [pid 5863] <... open resumed>) = 4 [pid 5019] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(4, [pid 5864] <... chdir resumed>) = 0 [pid 5863] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [ 164.369082][ T5865] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 164.379111][ T5864] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.388199][ T5865] UDF-fs: Scanning with blocksize 512 failed [ 164.405475][ T5865] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5865] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5864] ioctl(4, LOOP_CLR_FD [pid 5863] <... mount resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "./140/binderfs", [pid 5016] getdents64(4, [pid 5014] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] <... openat resumed>) = 3 [pid 5864] <... ioctl resumed>) = 0 [pid 5863] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] chdir("\x2e\x02" [pid 5864] close(4 [pid 5863] <... open resumed>) = 5 [pid 5019] unlink("./140/binderfs" [pid 5016] close(4 [pid 5014] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] <... chdir resumed>) = 0 [pid 5864] <... close resumed>) = 0 [pid 5863] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... unlink resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5865] ioctl(4, LOOP_CLR_FD [pid 5864] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5863] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5014] <... openat resumed>) = 3 [pid 5865] <... ioctl resumed>) = 0 [pid 5863] ftruncate(-1, 2 [pid 5016] <... rmdir resumed>) = 0 [pid 5865] close(4 [pid 5864] <... open resumed>) = 4 [pid 5863] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... umount2 resumed>) = 0 [pid 5016] getdents64(3, [pid 5014] newfstatat(3, "", [pid 5865] <... close resumed>) = 0 [pid 5864] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5863] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5865] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5864] <... mount resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] close(3 [pid 5863] <... mmap resumed>) = 0x20000000 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5865] <... open resumed>) = 4 [pid 5864] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5863] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", [pid 5016] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 5865] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5864] <... open resumed>) = 5 [pid 5863] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] rmdir("./136" [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5865] <... mount resumed>) = 0 [pid 5864] openat(AT_FDCWD, NULL, O_RDWR [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5019] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... rmdir resumed>) = 0 [pid 5014] umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5864] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] mkdir("./137", 0777 [pid 5865] <... open resumed>) = 5 [pid 5864] ftruncate(-1, 2 [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... mkdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5865] openat(AT_FDCWD, NULL, O_RDWR [pid 5864] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5019] <... openat resumed>) = 4 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5014] umount2("./137/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5864] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] newfstatat(4, "", [pid 5016] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] ftruncate(-1, 2 [pid 5864] <... mmap resumed>) = 0x20000000 [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5014] newfstatat(AT_FDCWD, "./137/bus", [pid 5865] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5864] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5019] getdents64(4, [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5865] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5864] <... open resumed>) = -1 EFAULT (Bad address) [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5865] <... mmap resumed>) = 0x20000000 [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] getdents64(4, [pid 5016] <... close resumed>) = 0 [pid 5014] unlink("./137/bus" [pid 5865] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5863] memfd_create("syzkaller", 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5865] <... open resumed>) = -1 EFAULT (Bad address) [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5863] <... memfd_create resumed>) = 6 [pid 5019] close(4 [pid 5014] <... unlink resumed>) = 0 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... close resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5866 [pid 5014] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5863] <... mmap resumed>) = 0x7f362c399000 [pid 5019] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5863] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] <... rmdir resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./137/binderfs", ./strace-static-x86_64: Process 5866 attached [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5863] exit_group(0 [pid 5019] getdents64(3, [pid 5866] set_robust_list(0x555557506760, 24 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5863] <... exit_group resumed>) = ? [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] close(3 [pid 5866] chdir("./137" [pid 5863] +++ exited with 0 +++ [pid 5019] <... close resumed>) = 0 [pid 5014] unlink("./137/binderfs" [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5866] <... chdir resumed>) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5019] rmdir("./140" [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5864] <... memfd_create resumed>) = 6 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5866] <... prctl resumed>) = 0 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] mkdir("./141", 0777 [pid 5014] getdents64(3, [pid 5866] setpgid(0, 0 [pid 5865] memfd_create("syzkaller", 0 [pid 5864] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... mkdir resumed>) = 0 [pid 5017] umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5866] <... setpgid resumed>) = 0 [pid 5865] <... memfd_create resumed>) = 6 [pid 5864] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5864] exit_group(0 [pid 5019] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] close(3 [pid 5866] <... openat resumed>) = 3 [pid 5865] <... mmap resumed>) = 0x7f362c399000 [pid 5864] <... exit_group resumed>) = ? [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5017] <... openat resumed>) = 3 [pid 5014] <... close resumed>) = 0 [pid 5866] write(3, "1000", 4 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] newfstatat(3, "", [pid 5866] <... write resumed>) = 4 [pid 5865] exit_group(0 [pid 5864] +++ exited with 0 +++ [pid 5019] close(3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] rmdir("./137" [pid 5866] close(3 [pid 5865] <... exit_group resumed>) = ? [pid 5019] <... close resumed>) = 0 [pid 5017] getdents64(3, [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5866] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5014] <... rmdir resumed>) = 0 [pid 5865] +++ exited with 0 +++ [pid 5866] symlink("/dev/binderfs", "./binderfs" [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5017] umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... restart_syscall resumed>) = 0 [pid 5014] mkdir("./138", 0777 [pid 5866] <... symlink resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5867 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] memfd_create("syzkaller", 0 [pid 5017] newfstatat(AT_FDCWD, "./136/binderfs", [pid 5014] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5867 attached [pid 5866] <... memfd_create resumed>) = 3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5867] set_robust_list(0x555557506760, 24 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] unlink("./136/binderfs" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... mmap resumed>) = 0x7f3634699000 [pid 5017] <... unlink resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... openat resumed>) = 3 [pid 5867] chdir("./141" [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5867] <... chdir resumed>) = 0 [pid 5866] <... write resumed>) = 1048576 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(3, "", [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5867] <... prctl resumed>) = 0 [pid 5867] setpgid(0, 0 [pid 5018] <... openat resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] close(3 [pid 5867] <... setpgid resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5014] <... close resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] <... openat resumed>) = 3 [pid 5018] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5867] write(3, "1000", 4 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5867] <... write resumed>) = 4 [pid 5018] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5867] close(3 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5868 [pid 5867] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5868 attached [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5018] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5017] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5867] <... symlink resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5867] memfd_create("syzkaller", 0 [pid 5018] unlink("./139/binderfs" [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] <... memfd_create resumed>) = 3 [pid 5866] munmap(0x7f3634699000, 1048576 [pid 5018] <... unlink resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", [pid 5015] unlink("./138/binderfs" [pid 5868] set_robust_list(0x555557506760, 24 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] <... munmap resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] <... mmap resumed>) = 0x7f3634699000 [pid 5866] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] chdir("./138" [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5866] <... openat resumed>) = 4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 [pid 5868] <... chdir resumed>) = 0 [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... openat resumed>) = 4 [pid 5868] <... prctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(4, "", [pid 5868] setpgid(0, 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... setpgid resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] getdents64(4, [pid 5015] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5868] <... openat resumed>) = 3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] write(3, "1000", 4 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5868] <... write resumed>) = 4 [pid 5018] <... openat resumed>) = 4 [pid 5017] close(4 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5868] close(3 [pid 5018] newfstatat(4, "", [pid 5017] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x33\x36\x2f\x2e\x02" [pid 5015] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5018] getdents64(4, [pid 5017] <... rmdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... symlink resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(3, [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5866] <... ioctl resumed>) = 0 [pid 5018] getdents64(4, [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5868] memfd_create("syzkaller", 0 [pid 5866] close(3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(3 [pid 5015] newfstatat(4, "", [pid 5868] <... memfd_create resumed>) = 3 [pid 5866] <... close resumed>) = 0 [pid 5018] close(4 [pid 5017] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] mkdir("\x2e\x02", 0777 [pid 5018] <... close resumed>) = 0 [pid 5017] rmdir("./136" [pid 5015] getdents64(4, [pid 5868] <... mmap resumed>) = 0x7f3634699000 [pid 5866] <... mkdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02" [pid 5017] <... rmdir resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5866] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5018] <... rmdir resumed>) = 0 [ 164.619943][ T5866] loop2: detected capacity change from 0 to 2048 [pid 5017] mkdir("./137", 0777 [pid 5015] getdents64(4, [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] getdents64(3, [pid 5017] <... mkdir resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] close(4 [pid 5018] close(3 [pid 5017] <... openat resumed>) = 3 [pid 5015] <... close resumed>) = 0 [pid 5867] <... write resumed>) = 1048576 [pid 5018] <... close resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02" [pid 5867] munmap(0x7f3634699000, 1048576 [pid 5018] rmdir("./139" [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... rmdir resumed>) = 0 [pid 5867] <... munmap resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] close(3 [pid 5015] getdents64(3, [pid 5018] mkdir("./140", 0777 [pid 5017] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] close(3 [pid 5867] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5869 [pid 5015] rmdir("./138" [pid 5867] <... openat resumed>) = 4 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5015] <... rmdir resumed>) = 0 [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] mkdir("./139", 0777 [pid 5018] close(3 [pid 5015] <... mkdir resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5869 attached [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... openat resumed>) = 3 [pid 5869] set_robust_list(0x555557506760, 24 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5869] <... set_robust_list resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5870 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5869] chdir("./137" [pid 5015] close(3 [pid 5869] <... chdir resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... prctl resumed>) = 0 [pid 5869] setpgid(0, 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5871 [pid 5869] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5871 attached ./strace-static-x86_64: Process 5870 attached [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... write resumed>) = 1048576 [pid 5867] <... ioctl resumed>) = 0 [pid 5871] set_robust_list(0x555557506760, 24 [pid 5870] set_robust_list(0x555557506760, 24 [pid 5869] <... openat resumed>) = 3 [pid 5868] munmap(0x7f3634699000, 1048576 [pid 5867] close(3 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5869] write(3, "1000", 4 [pid 5871] chdir("./139" [pid 5870] chdir("./140" [pid 5869] <... write resumed>) = 4 [pid 5868] <... munmap resumed>) = 0 [pid 5867] <... close resumed>) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5870] <... chdir resumed>) = 0 [pid 5869] close(3 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... close resumed>) = 0 [pid 5870] <... prctl resumed>) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs" [pid 5870] setpgid(0, 0 [pid 5869] <... symlink resumed>) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... setpgid resumed>) = 0 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5867] mkdir("\x2e\x02", 0777 [pid 5871] <... prctl resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... memfd_create resumed>) = 3 [pid 5868] <... openat resumed>) = 4 [pid 5871] setpgid(0, 0 [pid 5870] <... openat resumed>) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5867] <... mkdir resumed>) = 0 [ 164.660225][ T5866] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 164.685977][ T5867] loop5: detected capacity change from 0 to 2048 [ 164.700990][ T5866] UDF-fs: Scanning with blocksize 512 failed [pid 5871] <... setpgid resumed>) = 0 [pid 5870] write(3, "1000", 4 [pid 5869] <... mmap resumed>) = 0x7f3634699000 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... write resumed>) = 4 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5868] <... ioctl resumed>) = 0 [pid 5867] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5871] <... openat resumed>) = 3 [pid 5870] close(3 [pid 5869] <... write resumed>) = 1048576 [pid 5871] write(3, "1000", 4 [pid 5870] <... close resumed>) = 0 [pid 5868] close(3 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... write resumed>) = 4 [pid 5871] close(3 [pid 5870] <... mmap resumed>) = 0x7f3634699000 [pid 5868] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5871] symlink("/dev/binderfs", "./binderfs" [pid 5869] munmap(0x7f3634699000, 1048576 [pid 5868] mkdir("\x2e\x02", 0777 [pid 5867] <... mount resumed>) = 0 [pid 5871] <... symlink resumed>) = 0 [pid 5869] <... munmap resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5867] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5871] memfd_create("syzkaller", 0 [pid 5869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 164.725873][ T5868] loop0: detected capacity change from 0 to 2048 [ 164.737244][ T5867] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 164.745958][ T5867] UDF-fs: Scanning with blocksize 512 failed [ 164.755761][ T5867] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5868] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5867] <... openat resumed>) = 3 [pid 5871] <... memfd_create resumed>) = 3 [pid 5869] <... openat resumed>) = 4 [pid 5867] chdir("\x2e\x02" [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5867] <... chdir resumed>) = 0 [pid 5871] <... mmap resumed>) = 0x7f3634699000 [pid 5867] ioctl(4, LOOP_CLR_FD [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5867] <... ioctl resumed>) = 0 [pid 5871] <... write resumed>) = 1048576 [pid 5867] close(4 [pid 5870] <... write resumed>) = 1048576 [pid 5867] <... close resumed>) = 0 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] mkdir("\x2e\x02", 0777 [pid 5870] munmap(0x7f3634699000, 1048576 [pid 5867] <... open resumed>) = 4 [pid 5866] <... mount resumed>) = 0 [pid 5867] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5867] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5867] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5867] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5870] <... munmap resumed>) = 0 [pid 5867] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5866] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5870] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5867] <... mmap resumed>) = 0x20000000 [pid 5867] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5866] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 4 [pid 5866] chdir("\x2e\x02" [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... mkdir resumed>) = 0 [pid 5866] <... chdir resumed>) = 0 [pid 5866] ioctl(4, LOOP_CLR_FD [pid 5869] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5866] <... ioctl resumed>) = 0 [pid 5871] munmap(0x7f3634699000, 1048576) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 164.772484][ T5869] loop3: detected capacity change from 0 to 2048 [ 164.773548][ T5868] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 164.787494][ T5866] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.801218][ T5868] UDF-fs: Scanning with blocksize 512 failed [ 164.817893][ T5870] loop4: detected capacity change from 0 to 2048 [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... ioctl resumed>) = 0 [pid 5866] close(4 [pid 5867] memfd_create("syzkaller", 0) = 6 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5870] close(3 [pid 5871] <... ioctl resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5867] munmap(0x7f362c399000, 138412032 [pid 5866] <... close resumed>) = 0 [pid 5870] mkdir("\x2e\x02", 0777 [pid 5868] <... mount resumed>) = 0 [pid 5867] <... munmap resumed>) = 0 [pid 5866] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5870] <... mkdir resumed>) = 0 [pid 5867] close(6 [pid 5870] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5867] <... close resumed>) = 0 [pid 5867] exit_group(0 [pid 5868] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5867] <... exit_group resumed>) = ? [pid 5868] <... openat resumed>) = 3 [pid 5867] +++ exited with 0 +++ [pid 5866] <... open resumed>) = 4 [pid 5871] close(3) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5871] mkdir("\x2e\x02", 0777 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... mkdir resumed>) = 0 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5871] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] chdir("\x2e\x02" [pid 5866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... chdir resumed>) = 0 [pid 5866] <... mount resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] ioctl(4, LOOP_CLR_FD [pid 5866] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... openat resumed>) = 3 [pid 5868] <... ioctl resumed>) = 0 [pid 5866] <... open resumed>) = 5 [ 164.821247][ T5871] loop1: detected capacity change from 0 to 2048 [ 164.828878][ T5868] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.846732][ T5869] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 164.857970][ T5870] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5019] newfstatat(3, "", [pid 5868] close(4 [pid 5866] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5866] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(AT_FDCWD, "./141/binderfs", [pid 5868] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5866] ftruncate(-1, 2 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... open resumed>) = 4 [pid 5866] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] unlink("./141/binderfs" [pid 5868] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5866] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... unlink resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] <... mount resumed>) = 0 [pid 5866] <... mmap resumed>) = 0x20000000 [pid 5019] <... umount2 resumed>) = 0 [pid 5870] <... mount resumed>) = 0 [pid 5868] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5866] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5870] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5868] <... open resumed>) = 5 [pid 5866] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... openat resumed>) = 3 [pid 5868] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5866] memfd_create("syzkaller", 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", [pid 5870] chdir("\x2e\x02" [pid 5868] ftruncate(-1, 2 [pid 5866] <... memfd_create resumed>) = 6 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... chdir resumed>) = 0 [pid 5868] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5870] ioctl(4, LOOP_CLR_FD [pid 5868] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5866] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 164.876262][ T5870] UDF-fs: Scanning with blocksize 512 failed [ 164.876716][ T5871] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 164.882407][ T5869] UDF-fs: Scanning with blocksize 512 failed [ 164.904720][ T5870] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02" [pid 5868] <... mmap resumed>) = 0x20000000 [pid 5019] <... rmdir resumed>) = 0 [pid 5019] getdents64(3, [pid 5870] <... ioctl resumed>) = 0 [pid 5868] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 5868] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] close(3 [pid 5870] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5868] memfd_create("syzkaller", 0 [pid 5870] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5868] <... memfd_create resumed>) = 6 [pid 5019] rmdir("./141" [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./142", 0777) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5870] <... open resumed>) = 4 [pid 5868] <... mmap resumed>) = 0x7f362c399000 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5870] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... mount resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5872 [pid 5870] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5870] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5870] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5870] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0./strace-static-x86_64: Process 5872 attached ) = 0x20000000 [pid 5872] set_robust_list(0x555557506760, 24 [pid 5870] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5872] <... set_robust_list resumed>) = 0 [pid 5870] <... open resumed>) = -1 EFAULT (Bad address) [pid 5872] chdir("./142" [pid 5870] memfd_create("syzkaller", 0 [pid 5872] <... chdir resumed>) = 0 [pid 5870] <... memfd_create resumed>) = 6 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... prctl resumed>) = 0 [pid 5870] <... mmap resumed>) = 0x7f362c399000 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [ 164.931579][ T5869] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.958690][ T5871] UDF-fs: Scanning with blocksize 512 failed [pid 5872] close(3) = 0 [pid 5866] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5869] <... mount resumed>) = 0 [pid 5868] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5872] <... mmap resumed>) = 0x7f3634699000 [pid 5869] <... openat resumed>) = 3 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5869] chdir("\x2e\x02") = 0 [pid 5869] ioctl(4, LOOP_CLR_FD) = 0 [pid 5869] close(4) = 0 [pid 5869] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5869] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5869] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5869] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5869] ftruncate(-1, 2 [pid 5870] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5869] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5869] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [ 165.003268][ T5871] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5872] <... write resumed>) = 1048576 [pid 5869] memfd_create("syzkaller", 0 [pid 5871] <... mount resumed>) = 0 [pid 5869] <... memfd_create resumed>) = 6 [pid 5871] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... openat resumed>) = 3 [pid 5869] <... mmap resumed>) = 0x7f362c399000 [pid 5871] chdir("\x2e\x02") = 0 [pid 5871] ioctl(4, LOOP_CLR_FD) = 0 [pid 5871] close(4) = 0 [pid 5872] munmap(0x7f3634699000, 1048576 [pid 5871] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5872] <... munmap resumed>) = 0 [pid 5871] <... open resumed>) = 4 [pid 5871] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5872] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5871] <... mount resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5871] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5872] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... open resumed>) = 5 [pid 5871] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5871] ftruncate(-1, 2 [pid 5868] <... write resumed>) = 2097152 [pid 5866] <... write resumed>) = 2097152 [pid 5871] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5868] munmap(0x7f362c399000, 2097152 [pid 5866] munmap(0x7f362c399000, 2097152 [pid 5871] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5871] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5866] <... munmap resumed>) = 0 [pid 5871] <... open resumed>) = -1 EFAULT (Bad address) [pid 5871] memfd_create("syzkaller", 0 [pid 5868] <... munmap resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... memfd_create resumed>) = 6 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5866] <... openat resumed>) = 7 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... openat resumed>) = 7 [pid 5866] ioctl(7, LOOP_SET_FD, 6 [pid 5871] <... mmap resumed>) = 0x7f362c399000 [pid 5868] ioctl(7, LOOP_SET_FD, 6 [pid 5866] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... ioctl resumed>) = 0 [pid 5870] <... write resumed>) = 2097152 [pid 5869] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5866] ioctl(7, LOOP_CLR_FD [pid 5872] close(3 [pid 5870] munmap(0x7f362c399000, 2097152 [pid 5868] ioctl(7, LOOP_CLR_FD [pid 5866] <... ioctl resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5870] <... munmap resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5872] mkdir("\x2e\x02", 0777 [pid 5870] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5872] <... mkdir resumed>) = 0 [pid 5870] <... openat resumed>) = 7 [ 165.089999][ T5872] loop5: detected capacity change from 0 to 2048 [pid 5872] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5870] ioctl(7, LOOP_SET_FD, 6 [pid 5868] ioctl(7, LOOP_SET_FD, 6 [pid 5866] ioctl(7, LOOP_SET_FD, 6 [pid 5870] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5866] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] ioctl(7, LOOP_CLR_FD [pid 5868] close(7 [pid 5866] close(7 [pid 5870] <... ioctl resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5866] <... close resumed>) = 0 [pid 5868] close(6 [pid 5866] close(6 [pid 5868] <... close resumed>) = 0 [pid 5866] <... close resumed>) = 0 [pid 5870] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5870] close(7) = 0 [pid 5870] close(6 [pid 5868] exit_group(0 [pid 5870] <... close resumed>) = 0 [pid 5868] <... exit_group resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5866] exit_group(0) = ? [pid 5866] +++ exited with 0 +++ [pid 5870] exit_group(0) = ? [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5014] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... openat resumed>) = 3 [pid 5014] <... openat resumed>) = 3 [pid 5016] newfstatat(3, "", [pid 5014] newfstatat(3, "", [pid 5870] +++ exited with 0 +++ [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... write resumed>) = 2097152 [pid 5016] getdents64(3, [pid 5014] getdents64(3, [pid 5871] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 165.167225][ T5872] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 165.203619][ T5872] UDF-fs: Scanning with blocksize 512 failed [pid 5018] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5869] munmap(0x7f362c399000, 2097152) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5018] newfstatat(AT_FDCWD, "./140/binderfs", [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./140/binderfs") = 0 [pid 5016] unlink("./137/binderfs" [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5872] <... mount resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5014] unlink("./138/binderfs" [pid 5869] <... openat resumed>) = 7 [pid 5869] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5869] ioctl(7, LOOP_CLR_FD) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5869] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5869] close(7 [pid 5872] chdir("\x2e\x02" [pid 5869] <... close resumed>) = 0 [pid 5869] close(6 [pid 5872] <... chdir resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5872] ioctl(4, LOOP_CLR_FD) = 0 [pid 5872] close(4) = 0 [pid 5872] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5018] rmdir("./140") = 0 [pid 5018] mkdir("./141", 0777 [pid 5016] <... umount2 resumed>) = 0 [pid 5872] <... open resumed>) = 4 [pid 5872] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5872] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... mkdir resumed>) = 0 [pid 5872] <... open resumed>) = 5 [pid 5872] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5872] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5872] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3 [pid 5872] <... mmap resumed>) = 0x20000000 [pid 5018] <... close resumed>) = 0 [pid 5872] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] memfd_create("syzkaller", 0 [pid 5871] <... write resumed>) = 2097152 [pid 5869] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5872] <... memfd_create resumed>) = 6 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5873 ./strace-static-x86_64: Process 5873 attached [pid 5873] set_robust_list(0x555557506760, 24 [pid 5872] <... mmap resumed>) = 0x7f362c399000 [pid 5873] <... set_robust_list resumed>) = 0 [ 165.235024][ T5872] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5873] chdir("./141") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... write resumed>) = 4 [pid 5871] munmap(0x7f362c399000, 2097152 [pid 5873] close(3 [pid 5869] exit_group(0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", [pid 5873] <... close resumed>) = 0 [pid 5869] <... exit_group resumed>) = ? [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] <... symlink resumed>) = 0 [pid 5873] memfd_create("syzkaller", 0 [pid 5869] +++ exited with 0 +++ [pid 5016] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5873] <... memfd_create resumed>) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5871] <... munmap resumed>) = 0 [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... restart_syscall resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5016] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", [pid 5017] umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5871] <... openat resumed>) = 7 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5871] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(4, [pid 5871] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] newfstatat(3, "", [pid 5016] close(4 [pid 5871] ioctl(7, LOOP_CLR_FD [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5871] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... close resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x33\x37\x2f\x2e\x02" [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... rmdir resumed>) = 0 [pid 5017] umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(3, [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5871] ioctl(7, LOOP_SET_FD, 6 [pid 5016] close(3 [pid 5871] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5871] close(7 [pid 5017] unlink("./137/binderfs" [pid 5016] rmdir("./137" [pid 5873] <... write resumed>) = 1048576 [pid 5871] <... close resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5873] munmap(0x7f3634699000, 1048576 [pid 5872] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2080384 [pid 5871] close(6 [pid 5017] <... unlink resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] <... munmap resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] mkdir("./138", 0777 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] <... mkdir resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5873] <... openat resumed>) = 4 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5014] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5873] ioctl(4, LOOP_SET_FD, 3 [pid 5017] <... umount2 resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... openat resumed>) = 4 [pid 5871] exit_group(0 [pid 5016] close(3 [pid 5014] newfstatat(4, "", [pid 5871] <... exit_group resumed>) = ? [pid 5016] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5873] <... ioctl resumed>) = 0 [pid 5871] +++ exited with 0 +++ [pid 5017] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] getdents64(4, [pid 5873] close(3 [pid 5872] <... write resumed>) = 2080384 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5873] <... close resumed>) = 0 [pid 5872] munmap(0x7f362c399000, 2080384 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5874 [pid 5014] getdents64(4, [pid 5873] mkdir("\x2e\x02", 0777 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(4 [pid 5872] <... munmap resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... close resumed>) = 0 [pid 5873] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x33\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02"./strace-static-x86_64: Process 5874 attached [pid 5873] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5872] <... openat resumed>) = 7 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5014] <... rmdir resumed>) = 0 [pid 5874] set_robust_list(0x555557506760, 24 [pid 5872] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] newfstatat(3, "", [pid 5014] getdents64(3, [pid 5874] <... set_robust_list resumed>) = 0 [pid 5872] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 4 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5874] chdir("./138" [pid 5872] ioctl(7, LOOP_CLR_FD [pid 5017] newfstatat(4, "", [pid 5015] getdents64(3, [pid 5014] close(3 [pid 5874] <... chdir resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... close resumed>) = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] rmdir("./138" [pid 5874] <... prctl resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... rmdir resumed>) = 0 [pid 5874] setpgid(0, 0 [pid 5015] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5014] mkdir("./139", 0777 [pid 5874] <... setpgid resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] unlink("./139/binderfs" [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5874] <... openat resumed>) = 3 [pid 5015] <... unlink resumed>) = 0 [ 165.386760][ T5873] loop4: detected capacity change from 0 to 2048 [ 165.420922][ T5873] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5014] <... openat resumed>) = 3 [pid 5874] write(3, "1000", 4 [pid 5015] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5874] <... write resumed>) = 4 [pid 5014] <... ioctl resumed>) = 0 [pid 5874] close(3 [pid 5014] close(3 [pid 5874] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] <... symlink resumed>) = 0 [pid 5017] getdents64(4, [pid 5874] memfd_create("syzkaller", 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5875 [pid 5874] <... memfd_create resumed>) = 3 [pid 5017] getdents64(4, [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5874] <... mmap resumed>) = 0x7f3634699000 [pid 5872] ioctl(7, LOOP_SET_FD, 6 [pid 5017] close(4 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5872] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5872] close(7 [pid 5017] rmdir("\x2e\x2f\x31\x33\x37\x2f\x2e\x02" [pid 5015] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [ 165.434672][ T5873] UDF-fs: Scanning with blocksize 512 failed ./strace-static-x86_64: Process 5875 attached [pid 5872] close(6 [pid 5017] <... rmdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... write resumed>) = 1048576 [pid 5874] munmap(0x7f3634699000, 1048576) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3 [pid 5017] getdents64(3, [pid 5875] set_robust_list(0x555557506760, 24 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", [pid 5875] <... set_robust_list resumed>) = 0 [pid 5017] close(3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5875] chdir("./139" [pid 5017] rmdir("./137" [pid 5015] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5875] <... chdir resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] mkdir("./138", 0777 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... prctl resumed>) = 0 [pid 5875] setpgid(0, 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] <... setpgid resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5015] <... openat resumed>) = 4 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] newfstatat(4, "", [pid 5872] <... close resumed>) = 0 [pid 5875] <... openat resumed>) = 3 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5875] write(3, "1000", 4 [pid 5872] exit_group(0 [pid 5017] close(3 [pid 5015] getdents64(4, [pid 5875] <... write resumed>) = 4 [pid 5873] <... mount resumed>) = 0 [pid 5872] <... exit_group resumed>) = ? [pid 5017] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5875] close(3 [pid 5873] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5872] +++ exited with 0 +++ [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] <... close resumed>) = 0 [pid 5873] <... openat resumed>) = 3 [pid 5015] getdents64(4, [pid 5875] symlink("/dev/binderfs", "./binderfs" [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5873] chdir("\x2e\x02" [pid 5875] <... symlink resumed>) = 0 [pid 5873] <... chdir resumed>) = 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5876 [pid 5015] close(4 [pid 5875] memfd_create("syzkaller", 0 [pid 5873] ioctl(4, LOOP_CLR_FD [pid 5019] <... restart_syscall resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5875] <... memfd_create resumed>) = 3 [pid 5873] <... ioctl resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02" [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] close(4 [pid 5875] <... mmap resumed>) = 0x7f3634699000 [pid 5873] <... close resumed>) = 0 [pid 5019] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... rmdir resumed>) = 0 [pid 5873] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(3, [pid 5019] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] <... open resumed>) = 4 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] newfstatat(3, "", [pid 5015] close(3 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5873] <... mount resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... close resumed>) = 0 ./strace-static-x86_64: Process 5876 attached [pid 5873] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] getdents64(3, [pid 5876] set_robust_list(0x555557506760, 24 [pid 5873] <... open resumed>) = 5 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] rmdir("./139" [pid 5876] <... set_robust_list resumed>) = 0 [pid 5873] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5876] chdir("./138" [pid 5873] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... rmdir resumed>) = 0 [pid 5876] <... chdir resumed>) = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5873] ftruncate(-1, 2 [pid 5019] newfstatat(AT_FDCWD, "./142/binderfs", [pid 5015] mkdir("./140", 0777 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] close(3 [pid 5873] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5876] <... prctl resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5873] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] unlink("./142/binderfs" [pid 5015] <... mkdir resumed>) = 0 [pid 5876] setpgid(0, 0 [pid 5874] mkdir("\x2e\x02", 0777 [pid 5873] <... mmap resumed>) = 0x20000000 [pid 5019] <... unlink resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5876] <... setpgid resumed>) = 0 [pid 5874] <... mkdir resumed>) = 0 [pid 5873] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [ 165.458648][ T5873] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.497426][ T5874] loop2: detected capacity change from 0 to 2048 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5873] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5876] <... openat resumed>) = 3 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5876] write(3, "1000", 4 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5876] <... write resumed>) = 4 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5015] close(3 [pid 5876] close(3 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] <... close resumed>) = 0 [pid 5876] <... close resumed>) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5875] <... write resumed>) = 1048576 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] <... umount2 resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] munmap(0x7f3634699000, 1048576 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5877 [pid 5876] <... write resumed>) = 1048576 [pid 5875] <... munmap resumed>) = 0 [pid 5873] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", ./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x555557506760, 24) = 0 [pid 5877] chdir("./140") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0 [pid 5873] memfd_create("syzkaller", 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] <... setpgid resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5873] <... memfd_create resumed>) = 6 [ 165.548809][ T5874] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 165.573835][ T5874] UDF-fs: Scanning with blocksize 512 failed [pid 5019] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5875] <... openat resumed>) = 4 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... openat resumed>) = 3 [pid 5875] ioctl(4, LOOP_SET_FD, 3 [pid 5873] <... mmap resumed>) = 0x7f362c399000 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5876] munmap(0x7f3634699000, 1048576) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5875] <... ioctl resumed>) = 0 [pid 5875] close(3 [pid 5019] close(4) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5019] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5875] <... close resumed>) = 0 [pid 5876] <... openat resumed>) = 4 [pid 5019] <... rmdir resumed>) = 0 [ 165.596973][ T5874] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.611125][ T5875] loop0: detected capacity change from 0 to 2048 [ 165.618545][ T5873] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5875] mkdir("\x2e\x02", 0777 [pid 5019] getdents64(3, [pid 5874] <... mount resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5875] <... mkdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5875] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5874] <... openat resumed>) = 3 [pid 5873] munmap(0x7f362c399000, 138412032 [pid 5019] close(3) = 0 [pid 5019] rmdir("./142") = 0 [pid 5019] mkdir("./143", 0777 [pid 5874] chdir("\x2e\x02" [pid 5019] <... mkdir resumed>) = 0 [pid 5877] <... write resumed>) = 1048576 [ 165.644129][ T5876] loop3: detected capacity change from 0 to 2048 [pid 5874] <... chdir resumed>) = 0 [pid 5873] <... munmap resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5874] ioctl(4, LOOP_CLR_FD [pid 5873] close(6 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5874] <... ioctl resumed>) = 0 [pid 5873] <... close resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5874] close(4 [pid 5873] exit_group(0 [pid 5019] close(3 [pid 5876] <... ioctl resumed>) = 0 [pid 5874] <... close resumed>) = 0 [pid 5873] <... exit_group resumed>) = ? [pid 5019] <... close resumed>) = 0 [pid 5876] close(3 [pid 5874] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5873] +++ exited with 0 +++ [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5876] <... close resumed>) = 0 [ 165.681984][ T5875] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 165.710841][ T27] kauditd_printk_skb: 28 callbacks suppressed [pid 5876] mkdir("\x2e\x02", 0777./strace-static-x86_64: Process 5878 attached ) = 0 [pid 5874] <... open resumed>) = 4 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5878 [pid 5876] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5877] munmap(0x7f3634699000, 1048576 [pid 5874] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5878] set_robust_list(0x555557506760, 24 [pid 5877] <... munmap resumed>) = 0 [pid 5874] <... mount resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5878] <... set_robust_list resumed>) = 0 [pid 5874] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5878] chdir("./143" [pid 5877] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5874] <... open resumed>) = 5 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5878] <... chdir resumed>) = 0 [pid 5877] <... openat resumed>) = 4 [pid 5874] openat(AT_FDCWD, NULL, O_RDWR [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5877] ioctl(4, LOOP_SET_FD, 3 [pid 5874] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5878] <... prctl resumed>) = 0 [pid 5874] ftruncate(-1, 2 [pid 5018] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5878] setpgid(0, 0 [pid 5874] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5878] <... setpgid resumed>) = 0 [pid 5874] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] <... mmap resumed>) = 0x20000000 [pid 5018] <... openat resumed>) = 3 [pid 5878] <... openat resumed>) = 3 [pid 5874] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] newfstatat(3, "", [pid 5878] write(3, "1000", 4 [pid 5874] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5878] <... write resumed>) = 4 [pid 5874] memfd_create("syzkaller", 0 [pid 5018] getdents64(3, [pid 5878] close(3 [pid 5874] <... memfd_create resumed>) = 6 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5878] <... close resumed>) = 0 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5878] <... symlink resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5878] memfd_create("syzkaller", 0 [pid 5018] unlink("./141/binderfs" [pid 5878] <... memfd_create resumed>) = 3 [pid 5877] <... ioctl resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] close(3 [pid 5018] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5878] <... mmap resumed>) = 0x7f3634699000 [pid 5877] <... close resumed>) = 0 [pid 5877] mkdir("\x2e\x02", 0777) = 0 [ 165.711084][ T27] audit: type=1800 audit(1692541369.368:842): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [ 165.727164][ T5875] UDF-fs: Scanning with blocksize 512 failed [ 165.752269][ T5876] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 165.762727][ T5877] loop1: detected capacity change from 0 to 2048 [pid 5877] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... umount2 resumed>) = 0 [ 165.805652][ T5876] UDF-fs: Scanning with blocksize 512 failed [pid 5018] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5878] <... write resumed>) = 1048576 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5878] munmap(0x7f3634699000, 1048576 [pid 5018] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5878] <... munmap resumed>) = 0 [pid 5018] close(3 [ 165.855976][ T5877] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 165.863670][ T5877] UDF-fs: Scanning with blocksize 512 failed [pid 5878] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... close resumed>) = 0 [pid 5878] <... openat resumed>) = 4 [pid 5874] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] rmdir("./141" [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... rmdir resumed>) = 0 [pid 5018] mkdir("./142", 0777) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5878] <... ioctl resumed>) = 0 [pid 5018] close(3) = 0 [pid 5878] close(3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5878] <... close resumed>) = 0 [pid 5878] mkdir("\x2e\x02", 0777 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5879 [pid 5878] <... mkdir resumed>) = 0 [pid 5878] mount("/dev/loop5", "\x2e\x02", "udf", 0, ""./strace-static-x86_64: Process 5879 attached [pid 5879] set_robust_list(0x555557506760, 24) = 0 [pid 5879] chdir("./142") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [ 165.907288][ T5876] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 165.927889][ T5878] loop5: detected capacity change from 0 to 2048 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5876] <... mount resumed>) = 0 [ 165.950197][ T5878] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5876] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("\x2e\x02") = 0 [pid 5876] ioctl(4, LOOP_CLR_FD) = 0 [pid 5876] close(4) = 0 [pid 5876] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5876] <... open resumed>) = 4 [pid 5876] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5876] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5876] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5876] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5876] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5876] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [ 165.981352][ T5875] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 165.998689][ T5877] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.007595][ T27] audit: type=1800 audit(1692541369.658:843): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 5876] memfd_create("syzkaller", 0) = 6 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] <... write resumed>) = 1048576 [pid 5877] <... mount resumed>) = 0 [pid 5876] <... mmap resumed>) = 0x7f362c399000 [pid 5874] <... write resumed>) = 2097152 [pid 5877] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5874] munmap(0x7f362c399000, 2097152 [pid 5877] <... openat resumed>) = 3 [pid 5877] chdir("\x2e\x02" [pid 5874] <... munmap resumed>) = 0 [pid 5877] <... chdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 5877] ioctl(4, LOOP_CLR_FD [pid 5874] ioctl(7, LOOP_SET_FD, 6 [pid 5879] munmap(0x7f3634699000, 1048576 [pid 5877] <... ioctl resumed>) = 0 [pid 5874] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] <... munmap resumed>) = 0 [pid 5877] close(4 [pid 5874] ioctl(7, LOOP_CLR_FD [pid 5879] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5877] <... close resumed>) = 0 [pid 5879] <... openat resumed>) = 4 [ 166.028291][ T5878] UDF-fs: Scanning with blocksize 512 failed [ 166.047415][ T5875] UDF-fs: Scanning with blocksize 1024 failed [pid 5877] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5874] <... ioctl resumed>) = 0 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5877] <... open resumed>) = 4 [pid 5877] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5874] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5874] close(7) = 0 [ 166.089088][ T5878] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.099998][ T27] audit: type=1800 audit(1692541369.768:844): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 166.101688][ T5879] loop4: detected capacity change from 0 to 2048 [pid 5874] close(6 [pid 5879] <... ioctl resumed>) = 0 [pid 5878] <... mount resumed>) = 0 [pid 5877] <... mount resumed>) = 0 [pid 5876] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5874] <... close resumed>) = 0 [pid 5879] close(3 [pid 5878] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5877] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5879] <... close resumed>) = 0 [pid 5878] <... openat resumed>) = 3 [pid 5877] <... open resumed>) = 5 [pid 5879] mkdir("\x2e\x02", 0777 [pid 5878] chdir("\x2e\x02" [pid 5877] openat(AT_FDCWD, NULL, O_RDWR [pid 5879] <... mkdir resumed>) = 0 [pid 5878] <... chdir resumed>) = 0 [pid 5877] <... openat resumed>) = -1 EFAULT (Bad address) [ 166.134311][ T5875] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5879] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5878] ioctl(4, LOOP_CLR_FD [pid 5877] ftruncate(-1, 2 [pid 5878] <... ioctl resumed>) = 0 [pid 5877] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5878] close(4 [pid 5877] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5878] <... close resumed>) = 0 [pid 5877] <... mmap resumed>) = 0x20000000 [pid 5878] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5877] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5874] exit_group(0 [pid 5878] <... open resumed>) = 4 [pid 5877] <... open resumed>) = -1 EFAULT (Bad address) [pid 5878] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5877] memfd_create("syzkaller", 0 [pid 5878] <... mount resumed>) = 0 [pid 5877] <... memfd_create resumed>) = 6 [pid 5878] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] <... exit_group resumed>) = ? [pid 5878] <... open resumed>) = 5 [pid 5877] <... mmap resumed>) = 0x7f362c399000 [ 166.174203][ T5875] UDF-fs: Scanning with blocksize 2048 failed [ 166.182965][ T5879] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 166.194918][ T27] audit: type=1800 audit(1692541369.858:845): pid=5878 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5878] openat(AT_FDCWD, NULL, O_RDWR [pid 5874] +++ exited with 0 +++ [pid 5878] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5878] ftruncate(-1, 2 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5879] <... mount resumed>) = 0 [pid 5878] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5879] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5878] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5877] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5876] <... write resumed>) = 2097152 [pid 5875] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5879] <... openat resumed>) = 3 [pid 5878] <... mmap resumed>) = 0x20000000 [pid 5876] munmap(0x7f362c399000, 2097152 [pid 5875] ioctl(4, LOOP_CLR_FD [pid 5016] <... restart_syscall resumed>) = 0 [pid 5879] chdir("\x2e\x02" [pid 5878] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5875] <... ioctl resumed>) = 0 [pid 5879] <... chdir resumed>) = 0 [pid 5878] <... open resumed>) = -1 EFAULT (Bad address) [pid 5876] <... munmap resumed>) = 0 [pid 5875] close(4 [pid 5879] ioctl(4, LOOP_CLR_FD [pid 5878] memfd_create("syzkaller", 0 [pid 5876] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5875] <... close resumed>) = 0 [pid 5016] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5878] <... memfd_create resumed>) = 6 [pid 5875] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 166.231076][ T5879] UDF-fs: Scanning with blocksize 512 failed [ 166.241752][ T5879] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.245400][ T5875] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 166.263141][ T5875] UDF-fs: Scanning with blocksize 4096 failed [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5875] <... open resumed>) = 3 [pid 5016] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5878] <... mmap resumed>) = 0x7f362c399000 [pid 5875] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... openat resumed>) = 3 [pid 5875] <... mount resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5875] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5879] <... ioctl resumed>) = 0 [pid 5875] <... open resumed>) = 4 [pid 5016] getdents64(3, [pid 5875] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5879] close(4 [pid 5876] <... openat resumed>) = 7 [pid 5875] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5879] <... close resumed>) = 0 [pid 5876] ioctl(7, LOOP_SET_FD, 6 [pid 5875] ftruncate(-1, 2 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5876] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5875] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5879] <... open resumed>) = 4 [pid 5876] ioctl(7, LOOP_CLR_FD [pid 5875] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5877] <... write resumed>) = 2097152 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] <... mmap resumed>) = 0x20000000 [pid 5016] unlink("./138/binderfs" [pid 5875] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... unlink resumed>) = 0 [pid 5875] <... open resumed>) = -1 EFAULT (Bad address) [ 166.290388][ T27] audit: type=1800 audit(1692541369.948:846): pid=5875 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1951 res=0 errno=0 [pid 5016] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5875] memfd_create("syzkaller", 0) = 5 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5879] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5877] munmap(0x7f362c399000, 2097152 [pid 5876] <... ioctl resumed>) = 0 [pid 5875] <... mmap resumed>) = 0x7f362c399000 [pid 5879] <... mount resumed>) = 0 [pid 5878] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5877] <... munmap resumed>) = 0 [pid 5879] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5877] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5016] <... umount2 resumed>) = 0 [pid 5879] <... open resumed>) = 5 [pid 5877] <... openat resumed>) = 7 [pid 5879] openat(AT_FDCWD, NULL, O_RDWR [pid 5877] ioctl(7, LOOP_SET_FD, 6 [pid 5876] ioctl(7, LOOP_SET_FD, 6 [pid 5879] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5877] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5876] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5879] ftruncate(-1, 2 [pid 5877] ioctl(7, LOOP_CLR_FD [pid 5876] close(7 [pid 5879] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5877] <... ioctl resumed>) = 0 [pid 5876] <... close resumed>) = 0 [pid 5879] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [ 166.322715][ T27] audit: type=1800 audit(1692541369.978:847): pid=5879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 5876] close(6 [pid 5879] <... mmap resumed>) = 0x20000000 [pid 5016] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5879] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5877] ioctl(7, LOOP_SET_FD, 6 [pid 5879] <... open resumed>) = -1 EFAULT (Bad address) [pid 5877] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] memfd_create("syzkaller", 0 [pid 5877] close(7 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5879] <... memfd_create resumed>) = 6 [pid 5877] <... close resumed>) = 0 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] close(6 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... mmap resumed>) = 0x7f362c399000 [pid 5877] <... close resumed>) = 0 [pid 5876] <... close resumed>) = 0 [pid 5878] <... write resumed>) = 2097152 [pid 5875] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5877] exit_group(0) = ? [pid 5876] exit_group(0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] <... exit_group resumed>) = ? [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5876] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5016] <... openat resumed>) = 4 [pid 5017] umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(4, "", [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5877] +++ exited with 0 +++ [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, [pid 5016] getdents64(4, [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] newfstatat(AT_FDCWD, "./138/binderfs", [pid 5015] <... openat resumed>) = 3 [pid 5878] munmap(0x7f362c399000, 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] newfstatat(3, "", [pid 5878] <... munmap resumed>) = 0 [pid 5017] unlink("./138/binderfs" [pid 5016] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5017] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(4 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... umount2 resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./140/binderfs", [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] unlink("./140/binderfs" [pid 5878] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x33\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(3, [pid 5015] <... unlink resumed>) = 0 [pid 5878] <... openat resumed>) = 7 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5879] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5878] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5878] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... openat resumed>) = 4 [pid 5015] <... umount2 resumed>) = 0 [pid 5878] ioctl(7, LOOP_CLR_FD [pid 5017] newfstatat(4, "", [pid 5878] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", [pid 5017] close(4) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5878] ioctl(7, LOOP_SET_FD, 6 [pid 5017] rmdir("\x2e\x2f\x31\x33\x38\x2f\x2e\x02" [pid 5878] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... rmdir resumed>) = 0 [pid 5016] close(3 [pid 5015] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5878] close(7 [pid 5017] getdents64(3, [pid 5016] <... close resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5878] close(6 [pid 5017] close(3 [pid 5016] rmdir("./138" [pid 5875] <... write resumed>) = 2097152 [pid 5017] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] rmdir("./138" [pid 5015] <... openat resumed>) = 4 [pid 5875] munmap(0x7f362c399000, 2097152 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5017] mkdir("./139", 0777 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5015] getdents64(4, [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... openat resumed>) = 3 [pid 5015] getdents64(4, [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... ioctl resumed>) = 0 [pid 5015] close(4 [pid 5017] close(3 [pid 5015] <... close resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02" [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... rmdir resumed>) = 0 [pid 5875] <... munmap resumed>) = 0 [pid 5016] mkdir("./139", 0777 [pid 5015] getdents64(3, [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5880 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./140") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] <... mkdir resumed>) = 0 [pid 5015] mkdir("./141", 0777 [pid 5878] <... close resumed>) = 0 [pid 5875] <... openat resumed>) = 6 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5880 attached [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5880] set_robust_list(0x555557506760, 24 [pid 5015] <... openat resumed>) = 3 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5880] chdir("./139" [pid 5875] ioctl(6, LOOP_SET_FD, 5 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5880] <... chdir resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] close(3 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] <... close resumed>) = 0 [pid 5880] <... prctl resumed>) = 0 [pid 5878] exit_group(0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] setpgid(0, 0 [pid 5878] <... exit_group resumed>) = ? [pid 5875] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5880] <... setpgid resumed>) = 0 [pid 5878] +++ exited with 0 +++ [pid 5875] ioctl(6, LOOP_CLR_FD [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5881 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5880] <... openat resumed>) = 3 [pid 5875] <... ioctl resumed>) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5880] write(3, "1000", 4 [pid 5019] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5880] <... write resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] close(3 [pid 5019] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5880] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5880] symlink("/dev/binderfs", "./binderfs" [pid 5019] newfstatat(3, "", [pid 5880] <... symlink resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] close(3 [pid 5880] memfd_create("syzkaller", 0 [pid 5019] getdents64(3, [pid 5016] <... close resumed>) = 0 [pid 5880] <... memfd_create resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5880] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5875] ioctl(6, LOOP_SET_FD, 5 [pid 5019] newfstatat(AT_FDCWD, "./143/binderfs", [pid 5875] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5882 [pid 5875] close(6 [pid 5019] unlink("./143/binderfs"./strace-static-x86_64: Process 5881 attached [pid 5875] <... close resumed>) = 0 [pid 5019] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5882 attached [pid 5019] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] set_robust_list(0x555557506760, 24 [pid 5881] set_robust_list(0x555557506760, 24 [pid 5875] close(5 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5882] chdir("./139") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] <... write resumed>) = 1048576 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5881] chdir("./141" [pid 5882] <... symlink resumed>) = 0 [pid 5881] <... chdir resumed>) = 0 [pid 5882] memfd_create("syzkaller", 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] <... memfd_create resumed>) = 3 [pid 5881] <... prctl resumed>) = 0 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5881] setpgid(0, 0 [pid 5882] <... mmap resumed>) = 0x7f3634699000 [pid 5881] <... setpgid resumed>) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] <... write resumed>) = 2097152 [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5881] <... openat resumed>) = 3 [pid 5019] <... rmdir resumed>) = 0 [pid 5881] write(3, "1000", 4 [pid 5019] getdents64(3, [pid 5881] <... write resumed>) = 4 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5881] close(3 [pid 5019] close(3 [pid 5881] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5019] rmdir("./143" [pid 5881] <... symlink resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5881] memfd_create("syzkaller", 0 [pid 5019] mkdir("./144", 0777 [pid 5881] <... memfd_create resumed>) = 3 [pid 5879] munmap(0x7f362c399000, 2097152 [pid 5875] <... close resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5880] munmap(0x7f3634699000, 1048576 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5880] <... munmap resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5880] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5879] <... munmap resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5883 [pid 5881] <... mmap resumed>) = 0x7f3634699000 [pid 5880] <... openat resumed>) = 4 [pid 5875] exit_group(0 [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5879] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5875] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x555557506760, 24) = 0 [pid 5883] chdir("./144") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] +++ exited with 0 +++ [pid 5883] setpgid(0, 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5883] <... setpgid resumed>) = 0 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5879] <... openat resumed>) = 7 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5883] <... openat resumed>) = 3 [pid 5882] <... write resumed>) = 1048576 [pid 5883] write(3, "1000", 4) = 4 [pid 5879] ioctl(7, LOOP_SET_FD, 6 [pid 5883] close(3) = 0 [pid 5014] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5883] symlink("/dev/binderfs", "./binderfs" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5883] <... symlink resumed>) = 0 [pid 5879] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] memfd_create("syzkaller", 0 [pid 5879] ioctl(7, LOOP_CLR_FD [pid 5883] <... memfd_create resumed>) = 3 [pid 5879] <... ioctl resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] munmap(0x7f3634699000, 1048576 [pid 5014] newfstatat(3, "", [pid 5883] <... mmap resumed>) = 0x7f3634699000 [pid 5880] <... ioctl resumed>) = 0 [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5880] close(3 [pid 5879] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] <... munmap resumed>) = 0 [pid 5880] <... close resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5880] mkdir("\x2e\x02", 0777 [pid 5879] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] getdents64(3, [pid 5882] <... openat resumed>) = 4 [pid 5880] <... mkdir resumed>) = 0 [pid 5879] close(7 [pid 5882] ioctl(4, LOOP_SET_FD, 3 [pid 5880] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5879] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5881] <... write resumed>) = 1048576 [pid 5879] close(6 [pid 5014] umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5881] munmap(0x7f3634699000, 1048576 [pid 5014] <... umount2 resumed>) = 0 [pid 5014] umount2("./139/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5881] <... munmap resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 166.581219][ T5880] loop3: detected capacity change from 0 to 2048 [ 166.612909][ T5882] loop2: detected capacity change from 0 to 2048 [ 166.623335][ T5880] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5014] unlink("./139/bus" [pid 5881] <... openat resumed>) = 4 [pid 5014] <... unlink resumed>) = 0 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5883] <... write resumed>) = 1048576 [pid 5014] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] <... ioctl resumed>) = 0 [pid 5882] close(3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... close resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5882] mkdir("\x2e\x02", 0777 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./139/binderfs" [pid 5882] <... mkdir resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", [pid 5879] <... close resumed>) = 0 [pid 5881] <... ioctl resumed>) = 0 [pid 5879] exit_group(0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] munmap(0x7f3634699000, 1048576 [pid 5014] getdents64(4, [pid 5879] <... exit_group resumed>) = ? [pid 5881] close(3 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5883] <... munmap resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5881] <... close resumed>) = 0 [pid 5014] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] close(4 [pid 5881] mkdir("\x2e\x02", 0777 [pid 5014] <... close resumed>) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02" [pid 5881] <... mkdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5881] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [ 166.637436][ T5881] loop1: detected capacity change from 0 to 2048 [ 166.653829][ T5882] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 166.661884][ T5880] UDF-fs: Scanning with blocksize 512 failed [ 166.673161][ T5883] loop5: detected capacity change from 0 to 2048 [pid 5014] rmdir("./139") = 0 [pid 5883] <... ioctl resumed>) = 0 [pid 5883] close(3) = 0 [pid 5883] mkdir("\x2e\x02", 0777) = 0 [pid 5883] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5014] mkdir("./140", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5879] +++ exited with 0 +++ [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5884 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5018] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5018] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5884 attached [ 166.686833][ T5882] UDF-fs: Scanning with blocksize 512 failed [ 166.690143][ T5881] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 166.703699][ T5880] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.719567][ T5883] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5018] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5884] set_robust_list(0x555557506760, 24) = 0 [pid 5884] chdir("./140") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3 [pid 5880] <... mount resumed>) = 0 [pid 5884] <... close resumed>) = 0 [pid 5880] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5884] symlink("/dev/binderfs", "./binderfs" [pid 5880] <... openat resumed>) = 3 [pid 5884] <... symlink resumed>) = 0 [pid 5880] chdir("\x2e\x02" [pid 5884] memfd_create("syzkaller", 0 [pid 5880] <... chdir resumed>) = 0 [pid 5884] <... memfd_create resumed>) = 3 [pid 5880] ioctl(4, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5880] <... ioctl resumed>) = 0 [pid 5884] <... mmap resumed>) = 0x7f3634699000 [pid 5880] close(4 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5880] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./142/binderfs", [ 166.737948][ T5882] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.744800][ T5881] UDF-fs: Scanning with blocksize 512 failed [ 166.754207][ T5883] UDF-fs: Scanning with blocksize 512 failed [pid 5880] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5880] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5880] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5880] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5880] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5880] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5880] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5880] memfd_create("syzkaller", 0) = 6 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5880] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ [pid 5018] unlink("./142/binderfs" [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5017] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] <... unlink resumed>) = 0 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] <... mount resumed>) = 0 [pid 5017] getdents64(3, [pid 5882] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5882] <... openat resumed>) = 3 [pid 5017] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] chdir("\x2e\x02" [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... chdir resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5882] ioctl(4, LOOP_CLR_FD [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] <... ioctl resumed>) = 0 [pid 5017] unlink("./139/binderfs" [pid 5882] close(4 [pid 5017] <... unlink resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5882] <... open resumed>) = 4 [pid 5017] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... mount resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", [pid 5882] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] <... open resumed>) = 5 [pid 5017] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5882] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] ftruncate(-1, 2 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... openat resumed>) = 4 [pid 5882] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(4, "", [pid 5882] <... mmap resumed>) = 0x20000000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] getdents64(4, [pid 5882] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5017] getdents64(4, [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5017] close(4 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02" [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... rmdir resumed>) = 0 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] getdents64(3, [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5018] <... openat resumed>) = 4 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] newfstatat(4, "", [pid 5017] close(3 [ 166.769364][ T27] audit: type=1800 audit(1692541370.428:848): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [ 166.772188][ T5881] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 166.811461][ T5883] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5882] memfd_create("syzkaller", 0 [pid 5017] <... close resumed>) = 0 [pid 5884] <... write resumed>) = 1048576 [pid 5882] <... memfd_create resumed>) = 6 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] rmdir("./139" [pid 5884] munmap(0x7f3634699000, 1048576 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] getdents64(4, [pid 5017] <... rmdir resumed>) = 0 [pid 5882] <... mmap resumed>) = 0x7f362c399000 [pid 5017] mkdir("./140", 0777 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5017] <... mkdir resumed>) = 0 [pid 5884] <... munmap resumed>) = 0 [pid 5882] exit_group(0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5882] <... exit_group resumed>) = ? [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... openat resumed>) = 3 [pid 5884] <... openat resumed>) = 4 [pid 5882] +++ exited with 0 +++ [pid 5018] getdents64(4, [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5883] <... mount resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5883] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] close(4 [pid 5017] close(3 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5883] <... openat resumed>) = 3 [pid 5017] <... close resumed>) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5883] chdir("\x2e\x02" [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... restart_syscall resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5883] ioctl(4, LOOP_CLR_FD [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5885 [pid 5883] <... ioctl resumed>) = 0 [pid 5016] umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5883] close(4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5883] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5883] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... openat resumed>) = 3 [pid 5883] <... open resumed>) = 4 [pid 5016] newfstatat(3, "", [pid 5883] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5883] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] getdents64(3, [pid 5883] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5885 attached [pid 5883] <... open resumed>) = 5 [pid 5016] umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] set_robust_list(0x555557506760, 24 [pid 5883] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... rmdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5885] <... set_robust_list resumed>) = 0 [pid 5883] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(3, [pid 5016] newfstatat(AT_FDCWD, "./139/binderfs", [pid 5885] chdir("./140" [pid 5883] ftruncate(-1, 2 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5885] <... chdir resumed>) = 0 [pid 5883] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] close(3 [pid 5016] unlink("./139/binderfs" [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5883] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... close resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [ 166.841628][ T27] audit: type=1800 audit(1692541370.488:849): pid=5882 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [ 166.871493][ T5884] loop0: detected capacity change from 0 to 2048 [pid 5885] <... prctl resumed>) = 0 [pid 5883] <... mmap resumed>) = 0x20000000 [pid 5018] rmdir("./142" [pid 5016] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] setpgid(0, 0 [pid 5883] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... rmdir resumed>) = 0 [pid 5885] <... setpgid resumed>) = 0 [pid 5883] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] mkdir("./143", 0777 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5884] <... ioctl resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5885] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 3 [pid 5885] write(3, "1000", 4 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5884] close(3 [pid 5885] <... write resumed>) = 4 [pid 5881] <... mount resumed>) = 0 [pid 5018] close(3 [pid 5016] <... umount2 resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs" [pid 5884] <... close resumed>) = 0 [pid 5885] <... symlink resumed>) = 0 [pid 5884] mkdir("\x2e\x02", 0777 [pid 5881] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... close resumed>) = 0 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] <... mkdir resumed>) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5881] chdir("\x2e\x02" [pid 5884] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5885] <... memfd_create resumed>) = 3 [pid 5016] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5885] <... mmap resumed>) = 0x7f3634699000 [pid 5881] <... chdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", [pid 5881] ioctl(4, LOOP_CLR_FD [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5886 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] <... ioctl resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x33\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5881] close(4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5881] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", [pid 5881] <... open resumed>) = 4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5881] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] getdents64(4, [pid 5881] <... mount resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5881] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] close(4 [pid 5881] <... open resumed>) = 5 [ 166.887373][ T5883] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 166.906768][ T27] audit: type=1800 audit(1692541370.528:850): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5016] <... close resumed>) = 0 ./strace-static-x86_64: Process 5886 attached [pid 5881] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] rmdir("\x2e\x2f\x31\x33\x39\x2f\x2e\x02" [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] <... rmdir resumed>) = 0 [pid 5886] set_robust_list(0x555557506760, 24 [pid 5881] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] getdents64(3, [pid 5886] <... set_robust_list resumed>) = 0 [pid 5881] ftruncate(-1, 2 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5886] chdir("./143" [pid 5881] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] close(3 [pid 5886] <... chdir resumed>) = 0 [pid 5881] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] <... close resumed>) = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5881] <... mmap resumed>) = 0x20000000 [pid 5016] rmdir("./139" [pid 5886] <... prctl resumed>) = 0 [pid 5881] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... rmdir resumed>) = 0 [pid 5016] mkdir("./140", 0777) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5885] <... write resumed>) = 1048576 [pid 5883] memfd_create("syzkaller", 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5886] setpgid(0, 0 [pid 5883] <... memfd_create resumed>) = 6 [pid 5881] <... open resumed>) = -1 EFAULT (Bad address) [pid 5016] close(3 [pid 5886] <... setpgid resumed>) = 0 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5881] memfd_create("syzkaller", 0 [pid 5016] <... close resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5883] <... mmap resumed>) = 0x7f362c399000 [pid 5881] <... memfd_create resumed>) = 6 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5886] <... openat resumed>) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5887 [pid 5886] write(3, "1000", 4 [pid 5881] <... mmap resumed>) = 0x7f362c399000 [pid 5886] <... write resumed>) = 4 ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x555557506760, 24 [pid 5886] close(3 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5886] <... close resumed>) = 0 [pid 5887] chdir("./140" [pid 5886] symlink("/dev/binderfs", "./binderfs" [pid 5887] <... chdir resumed>) = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5886] <... symlink resumed>) = 0 [pid 5885] munmap(0x7f3634699000, 1048576 [pid 5887] <... prctl resumed>) = 0 [ 166.989971][ T5884] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5886] memfd_create("syzkaller", 0 [pid 5887] setpgid(0, 0 [pid 5885] <... munmap resumed>) = 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5887] <... setpgid resumed>) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5886] <... mmap resumed>) = 0x7f3634699000 [pid 5885] <... openat resumed>) = 4 [pid 5887] <... openat resumed>) = 3 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5886] <... write resumed>) = 1048576 [ 167.030369][ T5885] loop3: detected capacity change from 0 to 2048 [ 167.058780][ T27] audit: type=1800 audit(1692541370.608:851): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [pid 5887] <... write resumed>) = 1048576 [pid 5886] munmap(0x7f3634699000, 1048576 [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] mkdir("\x2e\x02", 0777) = 0 [pid 5885] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5886] <... munmap resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5883] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5887] munmap(0x7f3634699000, 1048576 [pid 5886] <... ioctl resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5886] close(3 [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5886] <... close resumed>) = 0 [pid 5887] <... openat resumed>) = 4 [ 167.094555][ T5884] UDF-fs: Scanning with blocksize 512 failed [ 167.119608][ T5886] loop4: detected capacity change from 0 to 2048 [ 167.128229][ T5885] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5886] mkdir("\x2e\x02", 0777) = 0 [pid 5881] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5886] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5887] <... ioctl resumed>) = 0 [pid 5887] close(3) = 0 [pid 5887] mkdir("\x2e\x02", 0777) = 0 [ 167.146353][ T5887] loop2: detected capacity change from 0 to 2048 [ 167.176969][ T5885] UDF-fs: Scanning with blocksize 512 failed [ 167.188652][ T5886] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5887] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5881] <... write resumed>) = 2097152 [ 167.212792][ T5885] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 167.217478][ T5886] UDF-fs: Scanning with blocksize 512 failed [ 167.237750][ T5887] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 167.250279][ T5884] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5883] <... write resumed>) = 2097152 [pid 5883] munmap(0x7f362c399000, 2097152 [pid 5881] munmap(0x7f362c399000, 2097152 [pid 5883] <... munmap resumed>) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5883] ioctl(7, LOOP_SET_FD, 6 [pid 5886] <... mount resumed>) = 0 [pid 5883] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... mount resumed>) = 0 [pid 5883] ioctl(7, LOOP_CLR_FD [pid 5885] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5883] <... ioctl resumed>) = 0 [pid 5885] <... openat resumed>) = 3 [pid 5885] chdir("\x2e\x02") = 0 [pid 5881] <... munmap resumed>) = 0 [pid 5885] ioctl(4, LOOP_CLR_FD) = 0 [pid 5883] ioctl(7, LOOP_SET_FD, 6 [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5885] close(4 [pid 5883] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5881] <... openat resumed>) = 7 [pid 5886] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5885] <... close resumed>) = 0 [pid 5883] close(7 [pid 5881] ioctl(7, LOOP_SET_FD, 6 [pid 5885] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5883] <... close resumed>) = 0 [pid 5881] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5883] close(6 [pid 5881] ioctl(7, LOOP_CLR_FD [pid 5886] <... openat resumed>) = 3 [pid 5885] <... open resumed>) = 4 [pid 5881] <... ioctl resumed>) = 0 [pid 5885] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5886] chdir("\x2e\x02" [pid 5885] <... mount resumed>) = 0 [pid 5885] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5885] openat(AT_FDCWD, NULL, O_RDWR [pid 5886] <... chdir resumed>) = 0 [pid 5885] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5881] ioctl(7, LOOP_SET_FD, 6 [pid 5885] ftruncate(-1, 2 [pid 5881] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] ioctl(4, LOOP_CLR_FD [pid 5885] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5881] close(7 [pid 5886] <... ioctl resumed>) = 0 [pid 5885] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5881] <... close resumed>) = 0 [pid 5886] close(4 [pid 5885] <... mmap resumed>) = 0x20000000 [ 167.257272][ T5886] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 167.272027][ T5887] UDF-fs: Scanning with blocksize 512 failed [ 167.273808][ T5884] UDF-fs: Scanning with blocksize 1024 failed [ 167.285778][ T5884] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 167.305015][ T5884] UDF-fs: Scanning with blocksize 2048 failed [pid 5881] close(6 [pid 5886] <... close resumed>) = 0 [pid 5885] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5883] <... close resumed>) = 0 [pid 5883] exit_group(0 [pid 5886] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5883] <... exit_group resumed>) = ? [pid 5881] <... close resumed>) = 0 [pid 5885] memfd_create("syzkaller", 0) = 6 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5886] <... open resumed>) = 4 [pid 5885] <... mmap resumed>) = 0x7f362c399000 [pid 5884] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5883] +++ exited with 0 +++ [pid 5886] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5884] ioctl(4, LOOP_CLR_FD [pid 5886] <... mount resumed>) = 0 [pid 5884] <... ioctl resumed>) = 0 [pid 5886] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5884] close(4 [pid 5881] exit_group(0 [pid 5019] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5881] <... exit_group resumed>) = ? [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... open resumed>) = 5 [pid 5884] <... close resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5886] openat(AT_FDCWD, NULL, O_RDWR [pid 5884] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5881] +++ exited with 0 +++ [pid 5019] <... openat resumed>) = 3 [pid 5886] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5019] getdents64(3, [pid 5015] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5886] ftruncate(-1, 2 [pid 5884] <... open resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5886] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5884] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5886] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5884] <... mount resumed>) = 0 [pid 5015] newfstatat(3, "", [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] unlink("./144/binderfs" [pid 5015] getdents64(3, [pid 5886] <... mmap resumed>) = 0x20000000 [pid 5884] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... unlink resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5886] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5884] <... open resumed>) = 4 [pid 5019] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5886] <... open resumed>) = -1 EFAULT (Bad address) [pid 5884] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./141/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5886] memfd_create("syzkaller", 0 [pid 5884] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5886] <... memfd_create resumed>) = 6 [pid 5884] ftruncate(-1, 2 [pid 5019] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5887] <... mount resumed>) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5884] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5887] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5886] <... mmap resumed>) = 0x7f362c399000 [pid 5884] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] <... openat resumed>) = 3 [pid 5887] chdir("\x2e\x02" [pid 5885] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", [pid 5887] <... chdir resumed>) = 0 [ 167.322343][ T5884] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 167.330889][ T5884] UDF-fs: Scanning with blocksize 4096 failed [ 167.341267][ T5887] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5887] ioctl(4, LOOP_CLR_FD [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5887] <... ioctl resumed>) = 0 [pid 5887] close(4 [pid 5015] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5887] <... close resumed>) = 0 [pid 5884] <... mmap resumed>) = 0x20000000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5884] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5887] <... open resumed>) = 4 [pid 5015] <... openat resumed>) = 4 [pid 5887] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] newfstatat(4, "", [pid 5887] <... mount resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5887] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] getdents64(4, [pid 5887] <... open resumed>) = 5 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5887] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] getdents64(4, [pid 5887] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5884] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5887] ftruncate(-1, 2 [pid 5015] close(4 [pid 5887] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5884] memfd_create("syzkaller", 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... close resumed>) = 0 [pid 5887] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5884] <... memfd_create resumed>) = 5 [pid 5019] <... openat resumed>) = 4 [pid 5015] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02" [pid 5887] <... mmap resumed>) = 0x20000000 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] newfstatat(4, "", [pid 5015] <... rmdir resumed>) = 0 [pid 5887] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5884] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, [pid 5887] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5887] memfd_create("syzkaller", 0 [pid 5019] getdents64(4, [pid 5015] close(3 [pid 5887] <... memfd_create resumed>) = 6 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... close resumed>) = 0 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] getdents64(4, [pid 5015] rmdir("./141" [pid 5887] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5886] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] close(4 [pid 5015] mkdir("./142", 0777 [pid 5019] <... close resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] <... rmdir resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5019] getdents64(3, [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] close(3 [pid 5015] close(3 [pid 5019] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5019] rmdir("./144" [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./145", 0777 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5888 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x555557506760, 24 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5889 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5888] chdir("./142") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5889 attached [pid 5888] setpgid(0, 0 [pid 5884] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5889] set_robust_list(0x555557506760, 24 [pid 5888] <... setpgid resumed>) = 0 [pid 5885] <... write resumed>) = 2097152 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] chdir("./145" [pid 5888] write(3, "1000", 4 [pid 5889] <... chdir resumed>) = 0 [pid 5888] <... write resumed>) = 4 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5888] close(3 [pid 5889] <... prctl resumed>) = 0 [pid 5888] <... close resumed>) = 0 [pid 5889] setpgid(0, 0 [pid 5888] symlink("/dev/binderfs", "./binderfs" [pid 5887] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5889] <... setpgid resumed>) = 0 [pid 5888] <... symlink resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5888] memfd_create("syzkaller", 0 [pid 5889] <... openat resumed>) = 3 [pid 5888] <... memfd_create resumed>) = 3 [pid 5889] write(3, "1000", 4 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] <... write resumed>) = 4 [pid 5888] <... mmap resumed>) = 0x7f3634699000 [pid 5889] close(3 [pid 5885] munmap(0x7f362c399000, 2097152 [pid 5889] <... close resumed>) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] memfd_create("syzkaller", 0 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5889] <... memfd_create resumed>) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5885] <... munmap resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 7 [pid 5885] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5885] ioctl(7, LOOP_CLR_FD [pid 5889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5888] <... write resumed>) = 1048576 [pid 5885] <... ioctl resumed>) = 0 [pid 5885] ioctl(7, LOOP_SET_FD, 6 [pid 5886] <... write resumed>) = 2097152 [pid 5885] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] munmap(0x7f362c399000, 2097152 [pid 5885] close(7 [pid 5886] <... munmap resumed>) = 0 [pid 5885] <... close resumed>) = 0 [pid 5885] close(6 [pid 5886] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5885] <... close resumed>) = 0 [pid 5888] munmap(0x7f3634699000, 1048576 [pid 5887] <... write resumed>) = 2097152 [pid 5886] <... openat resumed>) = 7 [pid 5884] <... write resumed>) = 2097152 [pid 5888] <... munmap resumed>) = 0 [pid 5886] ioctl(7, LOOP_SET_FD, 6 [pid 5884] munmap(0x7f362c399000, 2097152 [pid 5887] munmap(0x7f362c399000, 2097152 [pid 5888] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5886] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] ioctl(7, LOOP_CLR_FD [pid 5884] <... munmap resumed>) = 0 [pid 5888] <... openat resumed>) = 4 [pid 5886] <... ioctl resumed>) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5888] ioctl(4, LOOP_SET_FD, 3 [pid 5884] <... openat resumed>) = 6 [pid 5889] <... write resumed>) = 1048576 [pid 5884] ioctl(6, LOOP_SET_FD, 5 [pid 5888] <... ioctl resumed>) = 0 [pid 5887] <... munmap resumed>) = 0 [pid 5884] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] exit_group(0 [pid 5886] ioctl(7, LOOP_SET_FD, 6 [pid 5885] <... exit_group resumed>) = ? [pid 5884] ioctl(6, LOOP_CLR_FD [pid 5889] munmap(0x7f3634699000, 1048576 [pid 5888] close(3 [pid 5887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5886] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] <... ioctl resumed>) = 0 [pid 5889] <... munmap resumed>) = 0 [pid 5888] <... close resumed>) = 0 [pid 5887] <... openat resumed>) = 7 [pid 5886] close(7 [pid 5888] mkdir("\x2e\x02", 0777 [pid 5887] ioctl(7, LOOP_SET_FD, 6 [pid 5886] <... close resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5885] +++ exited with 0 +++ [pid 5888] <... mkdir resumed>) = 0 [pid 5889] <... openat resumed>) = 4 [pid 5888] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5887] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] close(6 [ 167.603844][ T5888] loop1: detected capacity change from 0 to 2048 [pid 5884] ioctl(6, LOOP_SET_FD, 5 [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5887] ioctl(7, LOOP_CLR_FD [pid 5884] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5887] <... ioctl resumed>) = 0 [pid 5884] close(6 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5884] <... close resumed>) = 0 [pid 5017] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] close(5 [pid 5017] <... openat resumed>) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./140/binderfs") = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5886] <... close resumed>) = 0 [pid 5884] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", [pid 5889] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5889] close(3 [pid 5017] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5889] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5889] mkdir("\x2e\x02", 0777 [pid 5887] ioctl(7, LOOP_SET_FD, 6 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5889] <... mkdir resumed>) = 0 [pid 5887] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5886] exit_group(0 [pid 5884] exit_group(0 [pid 5017] <... openat resumed>) = 4 [pid 5889] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5887] close(7 [pid 5886] <... exit_group resumed>) = ? [pid 5884] <... exit_group resumed>) = ? [pid 5017] newfstatat(4, "", [pid 5887] <... close resumed>) = 0 [pid 5886] +++ exited with 0 +++ [ 167.649069][ T5889] loop5: detected capacity change from 0 to 2048 [ 167.657587][ T5888] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 167.680795][ T5888] UDF-fs: Scanning with blocksize 512 failed [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5887] close(6 [pid 5884] +++ exited with 0 +++ [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5017] close(4 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5018] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02" [pid 5887] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... rmdir resumed>) = 0 [pid 5014] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5887] exit_group(0 [pid 5018] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] getdents64(3, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5887] <... exit_group resumed>) = ? [pid 5018] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] newfstatat(3, "", [pid 5017] close(3 [pid 5014] <... openat resumed>) = 3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... close resumed>) = 0 [pid 5014] newfstatat(3, "", [pid 5018] getdents64(3, [pid 5017] rmdir("./140" [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... rmdir resumed>) = 0 [pid 5014] getdents64(3, [pid 5018] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] mkdir("./141", 0777 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... mkdir resumed>) = 0 [pid 5014] umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] newfstatat(AT_FDCWD, "./143/binderfs", [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] <... umount2 resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5014] umount2("./140/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] unlink("./143/binderfs" [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... unlink resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] newfstatat(AT_FDCWD, "./140/bus", [pid 5018] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5014] unlink("./140/bus" [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... unlink resumed>) = 0 [pid 5014] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5890 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./140/binderfs") = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5888] <... mount resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", [pid 5888] <... openat resumed>) = 3 [pid 5018] <... umount2 resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5888] chdir("\x2e\x02" [pid 5018] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5888] <... chdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] ioctl(4, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5890 attached [pid 5888] <... ioctl resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", [pid 5014] <... openat resumed>) = 4 [pid 5890] set_robust_list(0x555557506760, 24 [pid 5888] close(4 [pid 5887] +++ exited with 0 +++ [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(4, "", [pid 5890] <... set_robust_list resumed>) = 0 [pid 5888] <... close resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5890] chdir("./141" [pid 5888] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5014] getdents64(4, [pid 5890] <... chdir resumed>) = 0 [pid 5888] <... open resumed>) = 4 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5888] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... openat resumed>) = 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] getdents64(4, [pid 5890] <... prctl resumed>) = 0 [pid 5888] <... mount resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5016] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5890] setpgid(0, 0 [pid 5888] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5014] close(4 [pid 5890] <... setpgid resumed>) = 0 [pid 5888] <... open resumed>) = 5 [pid 5018] getdents64(4, [pid 5016] newfstatat(3, "", [pid 5014] <... close resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5888] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02" [pid 5890] <... openat resumed>) = 3 [pid 5888] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(4, [pid 5016] getdents64(3, [pid 5014] <... rmdir resumed>) = 0 [pid 5890] write(3, "1000", 4 [pid 5888] ftruncate(-1, 2 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 167.698754][ T5888] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 167.716021][ T5889] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 167.723718][ T5889] UDF-fs: Scanning with blocksize 512 failed [pid 5014] getdents64(3, [pid 5890] <... write resumed>) = 4 [pid 5888] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] close(4 [pid 5016] umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5890] close(3 [pid 5888] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] close(3 [pid 5890] <... close resumed>) = 0 [pid 5888] <... mmap resumed>) = 0x20000000 [pid 5018] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5016] newfstatat(AT_FDCWD, "./140/binderfs", [pid 5014] <... close resumed>) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5888] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... rmdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] rmdir("./140" [pid 5890] <... symlink resumed>) = 0 [pid 5888] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(3, [pid 5016] unlink("./140/binderfs" [pid 5014] <... rmdir resumed>) = 0 [pid 5890] memfd_create("syzkaller", 0 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5014] mkdir("./141", 0777 [pid 5890] <... memfd_create resumed>) = 3 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5018] close(3 [pid 5016] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... mkdir resumed>) = 0 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5018] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5014] <... openat resumed>) = 3 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5014] close(3 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5014] <... close resumed>) = 0 [pid 5890] <... mmap resumed>) = 0x7f3634699000 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] rmdir("./143" [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5888] memfd_create("syzkaller", 0) = 6 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5891 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5888] exit_group(0) = ? [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5888] +++ exited with 0 +++ [pid 5018] <... rmdir resumed>) = 0 [pid 5018] mkdir("./144", 0777 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5018] <... mkdir resumed>) = 0 [pid 5015] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 3 [pid 5016] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", [pid 5015] newfstatat(3, "", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] close(3 [pid 5016] newfstatat(4, "", [pid 5015] newfstatat(AT_FDCWD, "./142/binderfs", [pid 5889] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5889] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] getdents64(4, [pid 5015] unlink("./142/binderfs"./strace-static-x86_64: Process 5891 attached [pid 5889] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... unlink resumed>) = 0 [pid 5891] set_robust_list(0x555557506760, 24 [pid 5889] chdir("\x2e\x02" [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5892 [ 167.781862][ T5889] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5016] getdents64(4, [pid 5015] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] <... write resumed>) = 1048576 [pid 5889] <... chdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5889] ioctl(4, LOOP_CLR_FD [pid 5016] close(4 [pid 5015] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5892 attached [pid 5889] <... ioctl resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] set_robust_list(0x555557506760, 24 [pid 5889] close(4 [pid 5016] rmdir("\x2e\x2f\x31\x34\x30\x2f\x2e\x02" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", [pid 5892] <... set_robust_list resumed>) = 0 [pid 5891] chdir("./141" [pid 5889] <... close resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5892] chdir("./144" [pid 5891] <... chdir resumed>) = 0 [pid 5889] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] getdents64(3, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5892] <... chdir resumed>) = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5889] <... open resumed>) = 4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5891] <... prctl resumed>) = 0 [pid 5889] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] <... prctl resumed>) = 0 [pid 5891] setpgid(0, 0 [pid 5890] munmap(0x7f3634699000, 1048576 [pid 5889] <... mount resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] setpgid(0, 0 [pid 5891] <... setpgid resumed>) = 0 [pid 5889] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] rmdir("./140" [pid 5015] <... openat resumed>) = 4 [pid 5892] <... setpgid resumed>) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5890] <... munmap resumed>) = 0 [pid 5889] <... open resumed>) = 5 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5891] <... openat resumed>) = 3 [pid 5890] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5889] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] mkdir("./141", 0777 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] <... openat resumed>) = 3 [pid 5891] write(3, "1000", 4 [pid 5890] <... openat resumed>) = 4 [pid 5889] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... mkdir resumed>) = 0 [pid 5015] getdents64(4, [pid 5892] write(3, "1000", 4 [pid 5891] <... write resumed>) = 4 [pid 5889] ftruncate(-1, 2 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5892] <... write resumed>) = 4 [pid 5891] close(3 [pid 5890] ioctl(4, LOOP_SET_FD, 3 [pid 5889] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] <... openat resumed>) = 3 [pid 5015] getdents64(4, [pid 5892] close(3 [pid 5891] <... close resumed>) = 0 [pid 5889] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5892] <... close resumed>) = 0 [pid 5889] <... mmap resumed>) = 0x20000000 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] close(4 [pid 5892] symlink("/dev/binderfs", "./binderfs" [pid 5889] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] close(3 [pid 5015] <... close resumed>) = 0 [pid 5892] <... symlink resumed>) = 0 [pid 5889] <... open resumed>) = -1 EFAULT (Bad address) [pid 5016] <... close resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5892] memfd_create("syzkaller", 0 [pid 5891] symlink("/dev/binderfs", "./binderfs" [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... rmdir resumed>) = 0 [pid 5892] <... memfd_create resumed>) = 3 [pid 5891] <... symlink resumed>) = 0 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] getdents64(3, [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5893 [pid 5891] memfd_create("syzkaller", 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5892] <... mmap resumed>) = 0x7f3634699000 [pid 5891] <... memfd_create resumed>) = 3 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] close(3 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5015] <... close resumed>) = 0 [pid 5892] <... write resumed>) = 1048576 [pid 5891] <... mmap resumed>) = 0x7f3634699000 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5015] rmdir("./142" [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5015] <... rmdir resumed>) = 0 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5015] mkdir("./143", 0777 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5015] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5893 attached [pid 5889] memfd_create("syzkaller", 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5893] set_robust_list(0x555557506760, 24 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5889] <... memfd_create resumed>) = 6 [pid 5015] <... openat resumed>) = 3 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5893] chdir("./141" [pid 5889] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5893] <... chdir resumed>) = 0 [pid 5890] <... ioctl resumed>) = 0 [pid 5889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5015] close(3 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5890] close(3 [pid 5889] exit_group(0 [pid 5015] <... close resumed>) = 0 [pid 5893] <... prctl resumed>) = 0 [pid 5890] <... close resumed>) = 0 [pid 5889] <... exit_group resumed>) = ? [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] setpgid(0, 0 [pid 5890] mkdir("\x2e\x02", 0777 [pid 5889] +++ exited with 0 +++ [pid 5893] <... setpgid resumed>) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5894 [ 167.879610][ T5890] loop3: detected capacity change from 0 to 2048 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5890] <... mkdir resumed>) = 0 [pid 5893] <... openat resumed>) = 3 [pid 5890] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5893] write(3, "1000", 4 [pid 5019] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5894 attached [pid 5893] <... write resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] set_robust_list(0x555557506760, 24 [pid 5893] close(3 [pid 5892] munmap(0x7f3634699000, 1048576 [pid 5019] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5894] chdir("./143" [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5894] <... chdir resumed>) = 0 [pid 5893] <... symlink resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] memfd_create("syzkaller", 0 [pid 5892] <... openat resumed>) = 4 [pid 5894] <... prctl resumed>) = 0 [pid 5893] <... memfd_create resumed>) = 3 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5894] setpgid(0, 0 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... openat resumed>) = 3 [pid 5894] <... setpgid resumed>) = 0 [pid 5893] <... mmap resumed>) = 0x7f3634699000 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5894] <... openat resumed>) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5019] newfstatat(3, "", [pid 5894] <... symlink resumed>) = 0 [pid 5891] <... write resumed>) = 1048576 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5894] memfd_create("syzkaller", 0 [pid 5891] munmap(0x7f3634699000, 1048576 [pid 5019] getdents64(3, [pid 5894] <... memfd_create resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] <... munmap resumed>) = 0 [ 167.945263][ T5890] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 167.951480][ T5892] loop4: detected capacity change from 0 to 2048 [ 167.953494][ T5890] UDF-fs: Scanning with blocksize 512 failed [pid 5019] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5894] <... mmap resumed>) = 0x7f3634699000 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./145/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5891] <... openat resumed>) = 4 [pid 5893] <... write resumed>) = 1048576 [pid 5891] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... ioctl resumed>) = 0 [pid 5892] close(3) = 0 [pid 5892] mkdir("\x2e\x02", 0777) = 0 [pid 5892] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5893] munmap(0x7f3634699000, 1048576) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5891] <... ioctl resumed>) = 0 [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5891] close(3 [pid 5894] <... write resumed>) = 1048576 [pid 5891] <... close resumed>) = 0 [pid 5890] <... mount resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5894] munmap(0x7f3634699000, 1048576 [pid 5891] mkdir("\x2e\x02", 0777 [pid 5890] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5894] <... munmap resumed>) = 0 [pid 5891] <... mkdir resumed>) = 0 [pid 5890] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5891] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5890] chdir("\x2e\x02" [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5894] <... openat resumed>) = 4 [pid 5890] <... chdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5894] ioctl(4, LOOP_SET_FD, 3 [ 167.985866][ T5890] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 167.999543][ T5891] loop0: detected capacity change from 0 to 2048 [ 168.020338][ T5893] loop2: detected capacity change from 0 to 2048 [ 168.027109][ T5892] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5890] ioctl(4, LOOP_CLR_FD [pid 5019] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5894] <... ioctl resumed>) = 0 [pid 5890] <... ioctl resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] <... ioctl resumed>) = 0 [pid 5894] close(3 [pid 5893] close(3 [pid 5890] close(4 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5894] <... close resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5890] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5894] mkdir("\x2e\x02", 0777 [pid 5893] mkdir("\x2e\x02", 0777 [pid 5890] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] newfstatat(4, "", [pid 5894] <... mkdir resumed>) = 0 [pid 5893] <... mkdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5890] <... open resumed>) = 4 [pid 5890] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5894] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5893] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5890] <... mount resumed>) = 0 [pid 5019] getdents64(4, [pid 5890] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, [pid 5890] <... open resumed>) = 5 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [ 168.037897][ T5894] loop1: detected capacity change from 0 to 2048 [ 168.039033][ T5891] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 168.045308][ T5892] UDF-fs: Scanning with blocksize 512 failed [ 168.052413][ T5891] UDF-fs: Scanning with blocksize 512 failed [ 168.073763][ T5894] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5890] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3) = 0 [pid 5019] rmdir("./145") = 0 [pid 5019] mkdir("./146", 0777 [pid 5890] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3 [pid 5890] ftruncate(-1, 2 [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5890] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5890] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5895 [pid 5890] <... mmap resumed>) = 0x20000000 [pid 5890] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5895 attached [pid 5895] set_robust_list(0x555557506760, 24) = 0 [pid 5895] chdir("./146") = 0 [pid 5890] memfd_create("syzkaller", 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5890] <... memfd_create resumed>) = 6 [pid 5895] <... prctl resumed>) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5890] <... mmap resumed>) = 0x7f362c399000 [ 168.074058][ T5893] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 168.082009][ T5891] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.098832][ T5894] UDF-fs: Scanning with blocksize 512 failed [ 168.119571][ T5894] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5891] <... mount resumed>) = 0 [pid 5891] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5891] <... openat resumed>) = 3 [pid 5891] chdir("\x2e\x02") = 0 [pid 5891] ioctl(4, LOOP_CLR_FD [pid 5894] <... mount resumed>) = 0 [pid 5892] <... mount resumed>) = 0 [pid 5891] <... ioctl resumed>) = 0 [pid 5895] <... write resumed>) = 1048576 [pid 5894] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5892] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5891] close(4 [pid 5890] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2085805 [pid 5895] munmap(0x7f3634699000, 1048576 [pid 5894] <... openat resumed>) = 3 [pid 5892] <... openat resumed>) = 3 [pid 5891] <... close resumed>) = 0 [pid 5895] <... munmap resumed>) = 0 [pid 5894] chdir("\x2e\x02" [pid 5892] chdir("\x2e\x02" [pid 5891] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5895] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5894] <... chdir resumed>) = 0 [pid 5892] <... chdir resumed>) = 0 [pid 5895] <... openat resumed>) = 4 [ 168.137726][ T5892] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.165084][ T5893] UDF-fs: Scanning with blocksize 512 failed [pid 5894] ioctl(4, LOOP_CLR_FD [pid 5892] ioctl(4, LOOP_CLR_FD [pid 5891] <... open resumed>) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... ioctl resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 [pid 5893] <... mount resumed>) = 0 [pid 5891] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5890] <... write resumed>) = 2085805 [pid 5893] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5891] <... mount resumed>) = 0 [pid 5890] munmap(0x7f362c399000, 2085805 [pid 5894] close(4 [pid 5893] <... openat resumed>) = 3 [pid 5892] close(4 [pid 5891] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5890] <... munmap resumed>) = 0 [pid 5895] <... ioctl resumed>) = 0 [pid 5894] <... close resumed>) = 0 [pid 5893] chdir("\x2e\x02" [pid 5892] <... close resumed>) = 0 [pid 5895] close(3 [pid 5894] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5893] <... chdir resumed>) = 0 [pid 5892] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5891] <... open resumed>) = 5 [pid 5895] <... close resumed>) = 0 [pid 5894] <... open resumed>) = 4 [pid 5893] ioctl(4, LOOP_CLR_FD [pid 5892] <... open resumed>) = 4 [pid 5891] openat(AT_FDCWD, NULL, O_RDWR [pid 5895] mkdir("\x2e\x02", 0777 [pid 5894] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5893] <... ioctl resumed>) = 0 [pid 5892] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5891] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5895] <... mkdir resumed>) = 0 [pid 5894] <... mount resumed>) = 0 [pid 5892] <... mount resumed>) = 0 [pid 5895] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5894] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5893] close(4 [pid 5892] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5891] ftruncate(-1, 2 [pid 5894] <... open resumed>) = 5 [pid 5893] <... close resumed>) = 0 [pid 5892] <... open resumed>) = 5 [pid 5890] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5891] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5894] openat(AT_FDCWD, NULL, O_RDWR [pid 5893] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5892] openat(AT_FDCWD, NULL, O_RDWR [pid 5894] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5892] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5891] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5890] <... openat resumed>) = 7 [pid 5894] ftruncate(-1, 2 [pid 5893] <... open resumed>) = 4 [pid 5892] ftruncate(-1, 2 [pid 5894] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5893] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5892] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5891] <... mmap resumed>) = 0x20000000 [pid 5890] ioctl(7, LOOP_SET_FD, 6 [pid 5894] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5892] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5894] <... mmap resumed>) = 0x20000000 [pid 5893] <... mount resumed>) = 0 [pid 5892] <... mmap resumed>) = 0x20000000 [pid 5891] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5890] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5893] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5892] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5891] <... open resumed>) = -1 EFAULT (Bad address) [pid 5890] ioctl(7, LOOP_CLR_FD [pid 5894] <... open resumed>) = -1 EFAULT (Bad address) [pid 5893] <... open resumed>) = 5 [pid 5892] <... open resumed>) = -1 EFAULT (Bad address) [pid 5894] memfd_create("syzkaller", 0 [pid 5893] openat(AT_FDCWD, NULL, O_RDWR [pid 5892] memfd_create("syzkaller", 0 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] <... ioctl resumed>) = 0 [pid 5894] <... memfd_create resumed>) = 6 [pid 5893] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5892] <... memfd_create resumed>) = 6 [pid 5891] <... memfd_create resumed>) = 6 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5893] ftruncate(-1, 2 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5894] <... mmap resumed>) = 0x7f362c399000 [ 168.193381][ T5893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.195705][ T5895] loop5: detected capacity change from 0 to 2048 [ 168.229402][ T5895] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5893] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5892] <... mmap resumed>) = 0x7f362c399000 [pid 5891] <... mmap resumed>) = 0x7f362c399000 [pid 5893] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5890] ioctl(7, LOOP_SET_FD, 6 [pid 5893] <... mmap resumed>) = 0x20000000 [pid 5893] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5890] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5893] <... open resumed>) = -1 EFAULT (Bad address) [pid 5890] close(7 [pid 5893] memfd_create("syzkaller", 0 [pid 5890] <... close resumed>) = 0 [pid 5893] <... memfd_create resumed>) = 6 [pid 5890] close(6 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5892] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5894] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5890] <... close resumed>) = 0 [pid 5890] exit_group(0) = ? [pid 5891] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5890] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [ 168.286039][ T5895] UDF-fs: Scanning with blocksize 512 failed [ 168.319405][ T5895] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5017] unlink("./141/binderfs" [pid 5895] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... unlink resumed>) = 0 [pid 5895] <... openat resumed>) = 3 [pid 5017] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] chdir("\x2e\x02" [pid 5017] <... umount2 resumed>) = 0 [pid 5895] <... chdir resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] ioctl(4, LOOP_CLR_FD [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... ioctl resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", [pid 5895] close(4 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5895] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... open resumed>) = 4 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5895] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... openat resumed>) = 4 [pid 5895] <... mount resumed>) = 0 [pid 5017] newfstatat(4, "", [pid 5895] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5892] <... write resumed>) = 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] <... open resumed>) = 5 [pid 5017] getdents64(4, [pid 5895] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5895] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] getdents64(4, [pid 5895] ftruncate(-1, 2 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5895] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] close(4 [pid 5895] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... close resumed>) = 0 [pid 5895] <... mmap resumed>) = 0x20000000 [pid 5017] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02" [pid 5895] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... rmdir resumed>) = 0 [pid 5895] <... open resumed>) = -1 EFAULT (Bad address) [pid 5894] <... write resumed>) = 2097152 [pid 5017] getdents64(3, [pid 5895] memfd_create("syzkaller", 0 [pid 5893] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5895] <... memfd_create resumed>) = 6 [pid 5017] close(3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... close resumed>) = 0 [pid 5895] <... mmap resumed>) = 0x7f362c399000 [pid 5017] rmdir("./141") = 0 [pid 5894] munmap(0x7f362c399000, 2097152 [pid 5892] munmap(0x7f362c399000, 2097152 [pid 5017] mkdir("./142", 0777 [pid 5894] <... munmap resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5891] <... write resumed>) = 2097152 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5896 [pid 5894] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5892] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5894] <... openat resumed>) = 7 [pid 5892] <... openat resumed>) = 7 [pid 5894] ioctl(7, LOOP_SET_FD, 6 [pid 5892] ioctl(7, LOOP_SET_FD, 6./strace-static-x86_64: Process 5896 attached [pid 5894] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] set_robust_list(0x555557506760, 24 [pid 5894] ioctl(7, LOOP_CLR_FD [pid 5892] ioctl(7, LOOP_CLR_FD [pid 5896] <... set_robust_list resumed>) = 0 [pid 5894] <... ioctl resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 [pid 5896] chdir("./142" [pid 5891] munmap(0x7f362c399000, 2097152 [pid 5896] <... chdir resumed>) = 0 [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] ioctl(7, LOOP_SET_FD, 6 [pid 5896] setpgid(0, 0 [pid 5894] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] ioctl(7, LOOP_SET_FD, 6 [pid 5896] <... setpgid resumed>) = 0 [pid 5894] close(7 [pid 5892] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5894] <... close resumed>) = 0 [pid 5892] close(7 [pid 5896] <... openat resumed>) = 3 [pid 5894] close(6 [pid 5892] <... close resumed>) = 0 [pid 5896] write(3, "1000", 4 [pid 5894] <... close resumed>) = 0 [pid 5892] close(6 [pid 5896] <... write resumed>) = 4 [pid 5893] <... write resumed>) = 2097152 [pid 5892] <... close resumed>) = 0 [pid 5891] <... munmap resumed>) = 0 [pid 5896] close(3) = 0 [pid 5896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5896] memfd_create("syzkaller", 0) = 3 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] <... openat resumed>) = 7 [pid 5896] <... mmap resumed>) = 0x7f3634699000 [pid 5891] ioctl(7, LOOP_SET_FD, 6 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5891] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5891] ioctl(7, LOOP_CLR_FD [pid 5893] munmap(0x7f362c399000, 2097152 [pid 5891] <... ioctl resumed>) = 0 [pid 5894] exit_group(0) = ? [pid 5892] exit_group(0 [pid 5894] +++ exited with 0 +++ [pid 5893] <... munmap resumed>) = 0 [pid 5892] <... exit_group resumed>) = ? [pid 5891] ioctl(7, LOOP_SET_FD, 6 [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5891] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5893] <... openat resumed>) = 7 [pid 5891] close(7 [pid 5893] ioctl(7, LOOP_SET_FD, 6 [pid 5892] +++ exited with 0 +++ [pid 5891] <... close resumed>) = 0 [pid 5893] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5891] close(6 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5893] ioctl(7, LOOP_CLR_FD [pid 5015] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5893] <... ioctl resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(3, "", [pid 5018] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5893] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... openat resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5893] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] newfstatat(3, "", [pid 5015] getdents64(3, [pid 5893] close(7 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5893] <... close resumed>) = 0 [pid 5018] getdents64(3, [pid 5015] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5893] close(6 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... write resumed>) = 1048576 [pid 5896] munmap(0x7f3634699000, 1048576) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5893] <... close resumed>) = 0 [pid 5018] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "./143/binderfs", [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5891] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5896] <... ioctl resumed>) = 0 [pid 5891] exit_group(0 [pid 5018] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5015] unlink("./143/binderfs" [pid 5893] exit_group(0 [pid 5891] <... exit_group resumed>) = ? [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./144/binderfs" [pid 5015] <... unlink resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5896] close(3 [pid 5893] <... exit_group resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5014] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5014] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5893] +++ exited with 0 +++ [pid 5014] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5014] <... openat resumed>) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] getdents64(3, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(3, "", [pid 5014] newfstatat(AT_FDCWD, "./141/binderfs", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5896] <... close resumed>) = 0 [pid 5016] getdents64(3, [pid 5014] unlink("./141/binderfs" [pid 5896] mkdir("\x2e\x02", 0777 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... unlink resumed>) = 0 [pid 5896] <... mkdir resumed>) = 0 [pid 5016] umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5896] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... write resumed>) = 2097152 [pid 5016] newfstatat(AT_FDCWD, "./141/binderfs", [pid 5895] munmap(0x7f362c399000, 2097152 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5895] <... munmap resumed>) = 0 [pid 5016] unlink("./141/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [ 168.555748][ T5896] loop3: detected capacity change from 0 to 2048 [pid 5895] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5895] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5895] ioctl(7, LOOP_CLR_FD) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5895] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5895] close(7) = 0 [pid 5895] close(6 [pid 5018] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", [pid 5018] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 4 [pid 5018] newfstatat(4, "", [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] newfstatat(4, "", [pid 5014] <... umount2 resumed>) = 0 [pid 5018] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] close(4 [pid 5015] getdents64(4, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", [pid 5015] close(4 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5018] getdents64(3, [pid 5015] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] close(3 [pid 5015] getdents64(3, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] rmdir("./144" [pid 5015] close(3 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... close resumed>) = 0 [ 168.598699][ T5896] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 168.609011][ T5896] UDF-fs: Scanning with blocksize 512 failed [pid 5018] <... rmdir resumed>) = 0 [pid 5895] <... close resumed>) = 0 [pid 5018] mkdir("./145", 0777 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] rmdir("./143" [pid 5014] <... openat resumed>) = 4 [pid 5895] exit_group(0 [pid 5018] <... mkdir resumed>) = 0 [pid 5895] <... exit_group resumed>) = ? [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... rmdir resumed>) = 0 [pid 5014] newfstatat(4, "", [pid 5018] <... openat resumed>) = 3 [pid 5015] mkdir("./144", 0777 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] getdents64(4, [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] close(3 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", [pid 5015] <... openat resumed>) = 3 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... close resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] getdents64(4, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5897 [pid 5016] umount2("\x2e\x2f\x31\x34\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(3 [pid 5014] close(4 [pid 5015] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... rmdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5898 [pid 5014] getdents64(3, [pid 5016] <... openat resumed>) = 4 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] newfstatat(4, "", [pid 5014] close(3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... close resumed>) = 0 [pid 5016] getdents64(4, [pid 5014] rmdir("./141" [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... rmdir resumed>) = 0 [pid 5016] getdents64(4, [pid 5014] mkdir("./142", 0777./strace-static-x86_64: Process 5897 attached [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5895] +++ exited with 0 +++ [pid 5016] close(4 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5897] set_robust_list(0x555557506760, 24 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 5016] <... close resumed>) = 0 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5016] rmdir("\x2e\x2f\x31\x34\x31\x2f\x2e\x02" [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5897] chdir("./145" [pid 5019] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5897] <... chdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... rmdir resumed>) = 0 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5896] <... mount resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(3, [pid 5896] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] close(3 [pid 5897] <... prctl resumed>) = 0 [pid 5896] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5019] newfstatat(3, "", [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] close(3./strace-static-x86_64: Process 5898 attached [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5896] chdir("\x2e\x02" [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5898] set_robust_list(0x555557506760, 24 [pid 5896] <... chdir resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5897] <... openat resumed>) = 3 [pid 5896] ioctl(4, LOOP_CLR_FD [pid 5019] getdents64(3, [pid 5016] rmdir("./141" [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5899 [pid 5898] chdir("./144" [pid 5897] write(3, "1000", 4 [pid 5896] <... ioctl resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5899 attached [pid 5898] <... chdir resumed>) = 0 [pid 5897] <... write resumed>) = 4 [pid 5896] close(4 [pid 5019] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... rmdir resumed>) = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5897] close(3 [pid 5896] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] mkdir("./142", 0777 [pid 5899] set_robust_list(0x555557506760, 24 [pid 5898] <... prctl resumed>) = 0 [pid 5897] <... close resumed>) = 0 [pid 5896] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] newfstatat(AT_FDCWD, "./146/binderfs", [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] setpgid(0, 0 [pid 5897] symlink("/dev/binderfs", "./binderfs" [pid 5896] <... open resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5899] chdir("./142" [pid 5898] <... setpgid resumed>) = 0 [pid 5897] <... symlink resumed>) = 0 [pid 5896] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] unlink("./146/binderfs" [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5899] <... chdir resumed>) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5897] memfd_create("syzkaller", 0 [pid 5896] <... mount resumed>) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5898] <... openat resumed>) = 3 [pid 5897] <... memfd_create resumed>) = 3 [ 168.643671][ T5896] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5896] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 3 [pid 5899] <... prctl resumed>) = 0 [pid 5898] write(3, "1000", 4 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] <... open resumed>) = 5 [pid 5019] <... umount2 resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5899] setpgid(0, 0 [pid 5898] <... write resumed>) = 4 [pid 5897] <... mmap resumed>) = 0x7f3634699000 [pid 5896] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5899] <... setpgid resumed>) = 0 [pid 5898] close(3 [pid 5896] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5898] <... close resumed>) = 0 [pid 5896] ftruncate(-1, 2 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", [pid 5898] symlink("/dev/binderfs", "./binderfs" [pid 5896] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5898] <... symlink resumed>) = 0 [pid 5896] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] close(3 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5898] memfd_create("syzkaller", 0 [pid 5896] <... mmap resumed>) = 0x20000000 [pid 5019] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5899] <... openat resumed>) = 3 [pid 5898] <... memfd_create resumed>) = 3 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5896] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5899] write(3, "1000", 4 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5896] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] <... write resumed>) = 4 [pid 5898] <... mmap resumed>) = 0x7f3634699000 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5019] <... openat resumed>) = 4 [pid 5899] close(3 [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] newfstatat(4, "", [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5900 ./strace-static-x86_64: Process 5900 attached [pid 5899] <... close resumed>) = 0 [pid 5897] <... write resumed>) = 1048576 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5900] set_robust_list(0x555557506760, 24 [pid 5899] symlink("/dev/binderfs", "./binderfs" [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5019] getdents64(4, [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] <... symlink resumed>) = 0 [pid 5897] munmap(0x7f3634699000, 1048576 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] getdents64(4, [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] close(4 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] <... close resumed>) = 0 [pid 5896] memfd_create("syzkaller", 0 [pid 5019] rmdir("\x2e\x2f\x31\x34\x36\x2f\x2e\x02" [pid 5896] <... memfd_create resumed>) = 6 [pid 5019] <... rmdir resumed>) = 0 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] getdents64(3, [pid 5900] chdir("./142" [pid 5899] memfd_create("syzkaller", 0 [pid 5896] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5897] <... munmap resumed>) = 0 [pid 5896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] close(3 [pid 5900] <... chdir resumed>) = 0 [pid 5899] <... memfd_create resumed>) = 3 [pid 5897] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5896] exit_group(0 [pid 5019] <... close resumed>) = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] <... openat resumed>) = 4 [pid 5896] <... exit_group resumed>) = ? [pid 5019] rmdir("./146" [pid 5900] <... prctl resumed>) = 0 [pid 5899] <... mmap resumed>) = 0x7f3634699000 [pid 5897] ioctl(4, LOOP_SET_FD, 3 [pid 5896] +++ exited with 0 +++ [pid 5019] <... rmdir resumed>) = 0 [pid 5898] <... write resumed>) = 1048576 [pid 5019] mkdir("./147", 0777 [pid 5900] setpgid(0, 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5019] <... openat resumed>) = 3 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5900] <... setpgid resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] close(3 [pid 5017] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5901 [pid 5017] newfstatat(3, "", [pid 5898] munmap(0x7f3634699000, 1048576 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5898] <... munmap resumed>) = 0 [pid 5897] <... ioctl resumed>) = 0 [pid 5017] getdents64(3, [pid 5900] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5900] write(3, "1000", 4 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5900] <... write resumed>) = 4 [pid 5898] <... openat resumed>) = 4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5901 attached [pid 5900] close(3 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5017] newfstatat(AT_FDCWD, "./142/binderfs", [pid 5901] set_robust_list(0x555557506760, 24 [pid 5900] <... close resumed>) = 0 [pid 5897] close(3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5901] <... set_robust_list resumed>) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs" [pid 5897] <... close resumed>) = 0 [pid 5017] unlink("./142/binderfs" [pid 5901] chdir("./147" [pid 5900] <... symlink resumed>) = 0 [pid 5897] mkdir("\x2e\x02", 0777 [pid 5017] <... unlink resumed>) = 0 [pid 5901] <... chdir resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5900] memfd_create("syzkaller", 0 [pid 5899] <... write resumed>) = 1048576 [pid 5897] <... mkdir resumed>) = 0 [pid 5901] <... prctl resumed>) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5017] <... umount2 resumed>) = 0 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5900] <... memfd_create resumed>) = 3 [pid 5899] munmap(0x7f3634699000, 1048576 [ 168.774883][ T5897] loop4: detected capacity change from 0 to 2048 [ 168.791235][ T5898] loop1: detected capacity change from 0 to 2048 [pid 5897] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5901] <... mmap resumed>) = 0x7f3634699000 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5900] <... mmap resumed>) = 0x7f3634699000 [pid 5899] <... munmap resumed>) = 0 [pid 5898] <... ioctl resumed>) = 0 [pid 5898] close(3) = 0 [pid 5898] mkdir("\x2e\x02", 0777) = 0 [pid 5898] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5017] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5899] <... ioctl resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] close(3 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", [pid 5899] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] mkdir("\x2e\x02", 0777 [pid 5017] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5899] <... mkdir resumed>) = 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5017] <... openat resumed>) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4 [pid 5900] <... write resumed>) = 1048576 [pid 5901] <... write resumed>) = 1048576 [pid 5017] <... close resumed>) = 0 [ 168.827723][ T5897] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 168.843162][ T5899] loop0: detected capacity change from 0 to 2048 [ 168.846434][ T5898] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 168.866615][ T5897] UDF-fs: Scanning with blocksize 512 failed [pid 5017] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5901] munmap(0x7f3634699000, 1048576) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5900] munmap(0x7f3634699000, 1048576 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5017] rmdir("./142" [pid 5901] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5900] <... munmap resumed>) = 0 [pid 5901] <... openat resumed>) = 4 [pid 5017] <... rmdir resumed>) = 0 [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5900] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 168.896368][ T5899] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 168.919021][ T5899] UDF-fs: Scanning with blocksize 512 failed [ 168.920169][ T5901] loop5: detected capacity change from 0 to 2048 [ 168.927271][ T5898] UDF-fs: Scanning with blocksize 512 failed [pid 5017] mkdir("./143", 0777 [pid 5900] <... openat resumed>) = 4 [pid 5017] <... mkdir resumed>) = 0 [pid 5897] <... mount resumed>) = 0 [pid 5897] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("\x2e\x02") = 0 [pid 5897] ioctl(4, LOOP_CLR_FD) = 0 [pid 5900] ioctl(4, LOOP_SET_FD, 3 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5897] close(4) = 0 [pid 5897] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5901] <... ioctl resumed>) = 0 [pid 5901] close(3) = 0 [pid 5901] mkdir("\x2e\x02", 0777 [pid 5897] <... open resumed>) = 4 [pid 5897] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5901] <... mkdir resumed>) = 0 [pid 5901] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5897] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5900] <... ioctl resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5900] close(3 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5900] <... close resumed>) = 0 [ 168.941707][ T5897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.941880][ T5899] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.964690][ T5900] loop2: detected capacity change from 0 to 2048 [pid 5017] close(3 [pid 5897] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... close resumed>) = 0 [pid 5900] mkdir("\x2e\x02", 0777 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached [pid 5900] <... mkdir resumed>) = 0 [pid 5899] <... mount resumed>) = 0 [pid 5898] <... mount resumed>) = 0 [pid 5897] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5902] set_robust_list(0x555557506760, 24 [pid 5900] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5899] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5898] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5902 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5897] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5902] chdir("./143" [pid 5899] <... openat resumed>) = 3 [pid 5902] <... chdir resumed>) = 0 [pid 5899] chdir("\x2e\x02" [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5899] <... chdir resumed>) = 0 [ 168.997250][ T5898] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.034949][ T5900] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5897] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5902] <... prctl resumed>) = 0 [pid 5899] ioctl(4, LOOP_CLR_FD [pid 5898] <... openat resumed>) = 3 [pid 5897] <... mmap resumed>) = 0x20000000 [pid 5897] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5897] memfd_create("syzkaller", 0) = 6 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5902] setpgid(0, 0) = 0 [pid 5899] <... ioctl resumed>) = 0 [pid 5898] chdir("\x2e\x02" [pid 5899] close(4 [pid 5898] <... chdir resumed>) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5899] <... close resumed>) = 0 [pid 5898] ioctl(4, LOOP_CLR_FD [pid 5902] <... openat resumed>) = 3 [pid 5899] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5898] <... ioctl resumed>) = 0 [pid 5902] write(3, "1000", 4 [pid 5898] close(4 [pid 5902] <... write resumed>) = 4 [pid 5899] <... open resumed>) = 4 [pid 5898] <... close resumed>) = 0 [pid 5902] close(3 [pid 5899] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5898] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5902] <... close resumed>) = 0 [ 169.043394][ T5901] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 169.066683][ T5901] UDF-fs: Scanning with blocksize 512 failed [pid 5902] symlink("/dev/binderfs", "./binderfs" [pid 5899] <... mount resumed>) = 0 [pid 5898] <... open resumed>) = 4 [pid 5902] <... symlink resumed>) = 0 [pid 5899] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5898] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5902] memfd_create("syzkaller", 0 [pid 5899] <... open resumed>) = 5 [pid 5898] <... mount resumed>) = 0 [pid 5902] <... memfd_create resumed>) = 3 [pid 5898] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5899] openat(AT_FDCWD, NULL, O_RDWR [pid 5902] <... mmap resumed>) = 0x7f3634699000 [pid 5898] <... open resumed>) = 5 [pid 5899] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5899] ftruncate(-1, 2 [pid 5898] openat(AT_FDCWD, NULL, O_RDWR [pid 5899] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5898] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5899] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5898] ftruncate(-1, 2 [pid 5899] <... mmap resumed>) = 0x20000000 [pid 5899] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5898] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5898] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5899] <... open resumed>) = -1 EFAULT (Bad address) [pid 5898] <... mmap resumed>) = 0x20000000 [pid 5898] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5899] memfd_create("syzkaller", 0 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] <... memfd_create resumed>) = 6 [pid 5898] memfd_create("syzkaller", 0 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5898] <... memfd_create resumed>) = 6 [pid 5902] <... write resumed>) = 1048576 [pid 5899] <... mmap resumed>) = 0x7f362c399000 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5897] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] <... mmap resumed>) = 0x7f362c399000 [ 169.090663][ T5900] UDF-fs: Scanning with blocksize 512 failed [ 169.114783][ T5901] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5901] <... mount resumed>) = 0 [pid 5901] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("\x2e\x02") = 0 [pid 5901] ioctl(4, LOOP_CLR_FD [pid 5902] munmap(0x7f3634699000, 1048576 [pid 5901] <... ioctl resumed>) = 0 [pid 5901] close(4) = 0 [pid 5901] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5902] <... munmap resumed>) = 0 [pid 5901] <... open resumed>) = 4 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5901] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5902] <... openat resumed>) = 4 [pid 5901] <... mount resumed>) = 0 [pid 5902] ioctl(4, LOOP_SET_FD, 3 [pid 5901] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [ 169.145886][ T5900] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5900] <... mount resumed>) = 0 [pid 5901] <... open resumed>) = 5 [pid 5900] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5901] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5900] <... openat resumed>) = 3 [pid 5901] ftruncate(-1, 2 [pid 5900] chdir("\x2e\x02" [pid 5901] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5900] <... chdir resumed>) = 0 [pid 5901] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5900] ioctl(4, LOOP_CLR_FD [pid 5901] <... mmap resumed>) = 0x20000000 [pid 5900] <... ioctl resumed>) = 0 [pid 5901] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5900] close(4 [pid 5901] memfd_create("syzkaller", 0 [pid 5900] <... close resumed>) = 0 [pid 5901] <... memfd_create resumed>) = 6 [pid 5900] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5900] <... open resumed>) = 4 [pid 5901] <... mmap resumed>) = 0x7f362c399000 [pid 5900] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5902] <... ioctl resumed>) = 0 [pid 5900] <... mount resumed>) = 0 [pid 5899] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5900] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5900] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5902] close(3 [pid 5900] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5902] <... close resumed>) = 0 [pid 5900] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5902] mkdir("\x2e\x02", 0777 [pid 5900] <... mmap resumed>) = 0x20000000 [pid 5900] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5902] <... mkdir resumed>) = 0 [pid 5900] memfd_create("syzkaller", 0 [pid 5902] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5900] <... memfd_create resumed>) = 6 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [ 169.193909][ T5902] loop3: detected capacity change from 0 to 2048 [pid 5897] <... write resumed>) = 2097152 [pid 5897] munmap(0x7f362c399000, 2097152 [pid 5901] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5897] <... munmap resumed>) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 7 [pid 5897] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5897] ioctl(7, LOOP_CLR_FD) = 0 [pid 5897] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5897] close(7) = 0 [pid 5897] close(6 [pid 5900] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5898] <... write resumed>) = 2097152 [pid 5899] <... write resumed>) = 2097152 [pid 5898] munmap(0x7f362c399000, 2097152 [pid 5899] munmap(0x7f362c399000, 2097152) = 0 [pid 5898] <... munmap resumed>) = 0 [ 169.260791][ T5902] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 169.294381][ T5902] UDF-fs: Scanning with blocksize 512 failed [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5897] <... close resumed>) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 5899] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5898] ioctl(7, LOOP_SET_FD, 6 [pid 5897] exit_group(0 [pid 5899] ioctl(7, LOOP_CLR_FD [pid 5897] <... exit_group resumed>) = ? [pid 5899] <... ioctl resumed>) = 0 [pid 5898] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5897] +++ exited with 0 +++ [pid 5901] <... write resumed>) = 2097152 [pid 5899] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5899] close(7 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5898] ioctl(7, LOOP_CLR_FD [pid 5899] <... close resumed>) = 0 [pid 5899] close(6 [pid 5898] <... ioctl resumed>) = 0 [pid 5018] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5898] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5018] <... openat resumed>) = 3 [pid 5902] <... mount resumed>) = 0 [pid 5898] close(7 [pid 5018] newfstatat(3, "", [pid 5898] <... close resumed>) = 0 [pid 5898] close(6 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5899] <... close resumed>) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./145/binderfs" [pid 5902] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... unlink resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] <... openat resumed>) = 3 [ 169.337549][ T5902] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5899] exit_group(0 [pid 5902] chdir("\x2e\x02" [pid 5901] munmap(0x7f362c399000, 2097152 [pid 5900] <... write resumed>) = 2097152 [pid 5018] <... umount2 resumed>) = 0 [pid 5899] <... exit_group resumed>) = ? [pid 5018] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5902] <... chdir resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5902] ioctl(4, LOOP_CLR_FD [pid 5018] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] <... ioctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] close(4 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5902] <... close resumed>) = 0 [pid 5900] munmap(0x7f362c399000, 2097152 [pid 5899] +++ exited with 0 +++ [pid 5018] <... openat resumed>) = 4 [pid 5902] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5900] <... munmap resumed>) = 0 [pid 5898] <... close resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5901] <... munmap resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5902] <... open resumed>) = 4 [pid 5018] getdents64(4, [pid 5902] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5901] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5898] exit_group(0 [pid 5901] <... openat resumed>) = 7 [pid 5900] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5902] <... mount resumed>) = 0 [pid 5901] ioctl(7, LOOP_SET_FD, 6 [pid 5900] <... openat resumed>) = 7 [pid 5898] <... exit_group resumed>) = ? [pid 5018] getdents64(4, [pid 5014] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5901] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] <... open resumed>) = 5 [pid 5901] ioctl(7, LOOP_CLR_FD [pid 5900] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] close(4 [pid 5014] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5902] openat(AT_FDCWD, NULL, O_RDWR [pid 5901] <... ioctl resumed>) = 0 [pid 5900] ioctl(7, LOOP_CLR_FD [pid 5898] +++ exited with 0 +++ [pid 5018] <... close resumed>) = 0 [pid 5902] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5900] <... ioctl resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02" [pid 5014] <... openat resumed>) = 3 [pid 5902] ftruncate(-1, 2 [pid 5901] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... rmdir resumed>) = 0 [pid 5902] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5901] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] getdents64(3, [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5014] newfstatat(3, "", [pid 5902] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5901] close(7 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] <... mmap resumed>) = 0x20000000 [pid 5901] <... close resumed>) = 0 [pid 5900] ioctl(7, LOOP_SET_FD, 6 [pid 5018] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5902] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5901] close(6 [pid 5900] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] getdents64(3, [pid 5902] <... open resumed>) = -1 EFAULT (Bad address) [pid 5900] close(7 [pid 5018] rmdir("./145" [pid 5015] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5900] close(6 [pid 5902] memfd_create("syzkaller", 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5014] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5902] <... memfd_create resumed>) = 6 [pid 5018] mkdir("./146", 0777 [pid 5015] newfstatat(3, "", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] newfstatat(AT_FDCWD, "./142/binderfs", [pid 5901] <... close resumed>) = 0 [pid 5901] exit_group(0) = ? [pid 5015] getdents64(3, [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] unlink("./142/binderfs" [pid 5018] <... openat resumed>) = 3 [pid 5015] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5015] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5900] <... close resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5900] exit_group(0) = ? [pid 5900] +++ exited with 0 +++ [pid 5015] unlink("./144/binderfs" [pid 5018] close(3 [pid 5901] +++ exited with 0 +++ [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5018] <... close resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./147/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5903 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5903 attached [pid 5015] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", [pid 5016] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(3, "", [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(3, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] set_robust_list(0x555557506760, 24 [pid 5019] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... openat resumed>) = 4 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] <... set_robust_list resumed>) = 0 [pid 5016] umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(4, "", [pid 5903] chdir("./146" [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... openat resumed>) = 4 [pid 5903] <... chdir resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", [pid 5016] newfstatat(AT_FDCWD, "./142/binderfs", [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] newfstatat(4, "", [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] getdents64(4, [pid 5903] <... prctl resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] setpgid(0, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] unlink("./142/binderfs" [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, [pid 5903] <... setpgid resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... unlink resumed>) = 0 [pid 5015] getdents64(4, [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... openat resumed>) = 4 [pid 5016] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5019] newfstatat(4, "", [pid 5014] getdents64(4, [pid 5903] write(3, "1000", 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] close(4 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5903] <... write resumed>) = 4 [pid 5902] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2081675 [pid 5019] getdents64(4, [pid 5903] close(3 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... close resumed>) = 0 [pid 5014] close(4 [pid 5903] <... close resumed>) = 0 [pid 5019] getdents64(4, [pid 5015] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5903] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 [pid 5903] <... symlink resumed>) = 0 [pid 5019] close(4 [pid 5015] <... rmdir resumed>) = 0 [pid 5903] memfd_create("syzkaller", 0 [pid 5019] <... close resumed>) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5903] <... memfd_create resumed>) = 3 [pid 5019] rmdir("\x2e\x2f\x31\x34\x37\x2f\x2e\x02" [pid 5015] getdents64(3, [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5903] <... mmap resumed>) = 0x7f3634699000 [pid 5019] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] getdents64(3, [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] close(3 [pid 5019] close(3 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [pid 5014] close(3 [pid 5019] rmdir("./147" [pid 5015] rmdir("./144" [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... close resumed>) = 0 [pid 5019] mkdir("./148", 0777) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", [pid 5015] <... rmdir resumed>) = 0 [pid 5014] rmdir("./142" [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5015] mkdir("./145", 0777 [pid 5016] umount2("\x2e\x2f\x31\x34\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... rmdir resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... mkdir resumed>) = 0 [pid 5014] mkdir("./143", 0777 [pid 5019] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... openat resumed>) = 4 [pid 5015] <... openat resumed>) = 3 [pid 5014] <... mkdir resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5904 [pid 5016] newfstatat(4, "", [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... openat resumed>) = 3 [pid 5016] getdents64(4, [pid 5015] close(3 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... close resumed>) = 0 [pid 5014] <... ioctl resumed>) = 0 [pid 5016] getdents64(4, [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] close(3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x555557506760, 24 [pid 5014] <... close resumed>) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] close(4 [pid 5904] <... set_robust_list resumed>) = 0 [pid 5903] <... write resumed>) = 1048576 [pid 5016] <... close resumed>) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5905 [pid 5904] chdir("./148" [pid 5016] rmdir("\x2e\x2f\x31\x34\x32\x2f\x2e\x02" [pid 5904] <... chdir resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5906 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... rmdir resumed>) = 0 [pid 5904] <... prctl resumed>) = 0 [pid 5016] getdents64(3, [pid 5904] setpgid(0, 0 [pid 5903] munmap(0x7f3634699000, 1048576 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5904] <... setpgid resumed>) = 0 [pid 5903] <... munmap resumed>) = 0 [pid 5016] close(3 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... close resumed>) = 0 ./strace-static-x86_64: Process 5906 attached ./strace-static-x86_64: Process 5905 attached [pid 5904] <... openat resumed>) = 3 [pid 5903] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] rmdir("./142" [pid 5906] set_robust_list(0x555557506760, 24 [pid 5905] set_robust_list(0x555557506760, 24 [pid 5904] write(3, "1000", 4 [pid 5903] <... openat resumed>) = 4 [pid 5904] <... write resumed>) = 4 [pid 5016] <... rmdir resumed>) = 0 [pid 5906] <... set_robust_list resumed>) = 0 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5904] close(3 [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5906] chdir("./143" [pid 5905] chdir("./145" [pid 5904] <... close resumed>) = 0 [pid 5016] mkdir("./143", 0777 [pid 5906] <... chdir resumed>) = 0 [pid 5905] <... chdir resumed>) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs" [pid 5902] <... write resumed>) = 2081675 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5904] <... symlink resumed>) = 0 [pid 5902] munmap(0x7f362c399000, 2081675 [pid 5016] <... mkdir resumed>) = 0 [pid 5906] <... prctl resumed>) = 0 [pid 5905] <... prctl resumed>) = 0 [pid 5904] memfd_create("syzkaller", 0 [pid 5906] setpgid(0, 0 [pid 5905] setpgid(0, 0 [pid 5904] <... memfd_create resumed>) = 3 [pid 5902] <... munmap resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5906] <... setpgid resumed>) = 0 [pid 5905] <... setpgid resumed>) = 0 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5904] <... mmap resumed>) = 0x7f3634699000 [pid 5902] <... openat resumed>) = 7 [pid 5016] <... openat resumed>) = 3 [pid 5906] <... openat resumed>) = 3 [pid 5905] <... openat resumed>) = 3 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5902] ioctl(7, LOOP_SET_FD, 6 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5906] write(3, "1000", 4 [pid 5905] write(3, "1000", 4 [pid 5902] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5906] <... write resumed>) = 4 [pid 5905] <... write resumed>) = 4 [pid 5904] <... write resumed>) = 1048576 [pid 5902] ioctl(7, LOOP_CLR_FD [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5906] close(3 [pid 5905] close(3 [pid 5902] <... ioctl resumed>) = 0 [pid 5016] close(3 [pid 5906] <... close resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs" [pid 5905] symlink("/dev/binderfs", "./binderfs" [pid 5903] <... ioctl resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5903] close(3 [ 169.562219][ T5903] loop4: detected capacity change from 0 to 2048 [pid 5906] <... symlink resumed>) = 0 [pid 5905] <... symlink resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5902] ioctl(7, LOOP_SET_FD, 6 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5906] memfd_create("syzkaller", 0 [pid 5903] mkdir("\x2e\x02", 0777 [pid 5906] <... memfd_create resumed>) = 3 [pid 5905] memfd_create("syzkaller", 0 [pid 5903] <... mkdir resumed>) = 0 [pid 5902] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 5907 attached [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5905] <... memfd_create resumed>) = 3 [pid 5903] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5902] close(7 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5907 [pid 5907] set_robust_list(0x555557506760, 24 [pid 5906] <... mmap resumed>) = 0x7f3634699000 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5902] <... close resumed>) = 0 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5907] chdir("./143" [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5905] <... mmap resumed>) = 0x7f3634699000 [pid 5902] close(6 [pid 5907] <... chdir resumed>) = 0 [pid 5904] munmap(0x7f3634699000, 1048576) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5907] <... prctl resumed>) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5904] <... ioctl resumed>) = 0 [pid 5904] close(3) = 0 [pid 5902] <... close resumed>) = 0 [pid 5904] mkdir("\x2e\x02", 0777) = 0 [pid 5904] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5902] exit_group(0 [pid 5906] <... write resumed>) = 1048576 [pid 5902] <... exit_group resumed>) = ? [pid 5906] munmap(0x7f3634699000, 1048576) = 0 [ 169.637574][ T5903] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 169.652107][ T5904] loop5: detected capacity change from 0 to 2048 [ 169.673383][ T5903] UDF-fs: Scanning with blocksize 512 failed [pid 5907] <... write resumed>) = 1048576 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5905] <... write resumed>) = 1048576 [pid 5907] munmap(0x7f3634699000, 1048576 [pid 5906] <... openat resumed>) = 4 [pid 5905] munmap(0x7f3634699000, 1048576 [pid 5907] <... munmap resumed>) = 0 [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5902] +++ exited with 0 +++ [pid 5907] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5905] <... munmap resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5907] <... openat resumed>) = 4 [pid 5905] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5906] <... ioctl resumed>) = 0 [pid 5905] <... openat resumed>) = 4 [pid 5017] <... restart_syscall resumed>) = 0 [ 169.705465][ T5904] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 169.713150][ T5904] UDF-fs: Scanning with blocksize 512 failed [ 169.734099][ T5906] loop0: detected capacity change from 0 to 2048 [ 169.746179][ T5903] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./143/binderfs") = 0 [pid 5906] close(3 [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5017] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5903] <... mount resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5906] mkdir("\x2e\x02", 0777) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5906] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5017] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... ioctl resumed>) = 0 [pid 5905] close(3 [pid 5017] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5907] <... ioctl resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] close(3 [pid 5905] mkdir("\x2e\x02", 0777 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... openat resumed>) = 4 [pid 5907] <... close resumed>) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5017] newfstatat(4, "", [pid 5907] mkdir("\x2e\x02", 0777 [pid 5905] <... mkdir resumed>) = 0 [pid 5903] chdir("\x2e\x02" [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] <... chdir resumed>) = 0 [pid 5017] getdents64(4, [pid 5903] ioctl(4, LOOP_CLR_FD [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5903] <... ioctl resumed>) = 0 [pid 5017] getdents64(4, [pid 5903] close(4 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5903] <... close resumed>) = 0 [pid 5017] close(4 [pid 5903] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... close resumed>) = 0 [pid 5903] <... open resumed>) = 4 [pid 5017] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5907] <... mkdir resumed>) = 0 [pid 5905] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5903] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... rmdir resumed>) = 0 [pid 5907] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5903] <... mount resumed>) = 0 [pid 5017] getdents64(3, [pid 5903] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [ 169.762770][ T5907] loop2: detected capacity change from 0 to 2048 [ 169.771027][ T5905] loop1: detected capacity change from 0 to 2048 [ 169.792037][ T5906] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5903] <... open resumed>) = 5 [pid 5017] close(3 [pid 5903] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... close resumed>) = 0 [pid 5903] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] rmdir("./143" [pid 5903] ftruncate(-1, 2 [pid 5017] <... rmdir resumed>) = 0 [pid 5903] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] mkdir("./144", 0777 [pid 5903] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5903] <... mmap resumed>) = 0x20000000 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5903] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... openat resumed>) = 3 [pid 5903] <... open resumed>) = -1 EFAULT (Bad address) [ 169.818765][ T5905] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 169.821916][ T5904] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.836530][ T5906] UDF-fs: Scanning with blocksize 512 failed [ 169.836669][ T5907] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 169.857071][ T5905] UDF-fs: Scanning with blocksize 512 failed [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5903] memfd_create("syzkaller", 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5903] <... memfd_create resumed>) = 6 [pid 5017] close(3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... close resumed>) = 0 [pid 5903] <... mmap resumed>) = 0x7f362c399000 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5908 [pid 5903] munmap(0x7f362c399000, 138412032) = 0 ./strace-static-x86_64: Process 5908 attached [pid 5903] close(6) = 0 [pid 5908] set_robust_list(0x555557506760, 24 [pid 5903] exit_group(0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5903] <... exit_group resumed>) = ? [pid 5908] chdir("./144" [pid 5903] +++ exited with 0 +++ [pid 5908] <... chdir resumed>) = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] <... mount resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5908] setpgid(0, 0 [pid 5905] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5908] <... setpgid resumed>) = 0 [pid 5905] <... openat resumed>) = 3 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5905] chdir("\x2e\x02" [pid 5908] <... openat resumed>) = 3 [pid 5905] <... chdir resumed>) = 0 [pid 5908] write(3, "1000", 4) = 4 [pid 5905] ioctl(4, LOOP_CLR_FD [pid 5018] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] close(3 [pid 5905] <... ioctl resumed>) = 0 [pid 5908] <... close resumed>) = 0 [pid 5905] close(4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] symlink("/dev/binderfs", "./binderfs" [pid 5905] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] <... symlink resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5908] memfd_create("syzkaller", 0 [pid 5905] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] newfstatat(3, "", [pid 5908] <... memfd_create resumed>) = 3 [pid 5905] <... open resumed>) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5906] <... mount resumed>) = 0 [pid 5905] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] getdents64(3, [pid 5908] <... mmap resumed>) = 0x7f3634699000 [pid 5905] <... mount resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 169.881432][ T5905] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.915313][ T5906] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.919093][ T5907] UDF-fs: Scanning with blocksize 512 failed [pid 5906] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5906] <... openat resumed>) = 3 [pid 5905] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5904] <... mount resumed>) = 0 [pid 5018] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] <... write resumed>) = 1048576 [pid 5906] chdir("\x2e\x02" [pid 5905] <... open resumed>) = 5 [pid 5904] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] <... chdir resumed>) = 0 [pid 5905] openat(AT_FDCWD, NULL, O_RDWR [pid 5904] <... openat resumed>) = 3 [pid 5018] newfstatat(AT_FDCWD, "./146/binderfs", [pid 5906] ioctl(4, LOOP_CLR_FD [pid 5905] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5904] chdir("\x2e\x02" [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5906] <... ioctl resumed>) = 0 [pid 5905] ftruncate(-1, 2 [pid 5904] <... chdir resumed>) = 0 [pid 5018] unlink("./146/binderfs" [pid 5906] close(4 [pid 5905] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5904] ioctl(4, LOOP_CLR_FD [pid 5906] <... close resumed>) = 0 [pid 5905] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5904] <... ioctl resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5906] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5905] <... mmap resumed>) = 0x20000000 [pid 5904] close(4 [pid 5018] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5904] <... close resumed>) = 0 [pid 5904] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5906] <... open resumed>) = 4 [pid 5904] <... open resumed>) = 4 [pid 5908] munmap(0x7f3634699000, 1048576 [pid 5906] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5905] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5904] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5908] <... munmap resumed>) = 0 [pid 5906] <... mount resumed>) = 0 [pid 5905] <... open resumed>) = -1 EFAULT (Bad address) [pid 5904] <... mount resumed>) = 0 [pid 5906] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5904] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5906] <... open resumed>) = 5 [pid 5904] openat(AT_FDCWD, NULL, O_RDWR [pid 5906] openat(AT_FDCWD, NULL, O_RDWR [pid 5905] memfd_create("syzkaller", 0 [pid 5904] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5908] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5906] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5905] <... memfd_create resumed>) = 6 [pid 5904] ftruncate(-1, 2 [pid 5908] <... openat resumed>) = 4 [pid 5906] ftruncate(-1, 2 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5904] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5908] ioctl(4, LOOP_SET_FD, 3 [pid 5906] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5906] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5906] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5906] memfd_create("syzkaller", 0 [pid 5905] <... mmap resumed>) = 0x7f362c399000 [pid 5904] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5906] <... memfd_create resumed>) = 6 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5904] <... mmap resumed>) = 0x20000000 [pid 5018] <... umount2 resumed>) = 0 [pid 5904] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5904] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5904] memfd_create("syzkaller", 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", [pid 5904] <... memfd_create resumed>) = 6 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5908] <... ioctl resumed>) = 0 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] close(3 [pid 5904] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] <... close resumed>) = 0 [pid 5908] mkdir("\x2e\x02", 0777 [pid 5907] <... mount resumed>) = 0 [pid 5905] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] <... mkdir resumed>) = 0 [pid 5908] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5018] <... openat resumed>) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 169.999948][ T5907] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.028125][ T5908] loop3: detected capacity change from 0 to 2048 [pid 5907] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] getdents64(4, [pid 5907] <... openat resumed>) = 3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5907] chdir("\x2e\x02" [pid 5018] getdents64(4, [pid 5907] <... chdir resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5907] ioctl(4, LOOP_CLR_FD [pid 5018] close(4 [pid 5907] <... ioctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5907] close(4 [pid 5018] rmdir("\x2e\x2f\x31\x34\x36\x2f\x2e\x02" [pid 5907] <... close resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5907] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5906] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] getdents64(3, [pid 5907] <... open resumed>) = 4 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5907] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] close(3 [pid 5907] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5907] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] rmdir("./146" [pid 5907] <... open resumed>) = 5 [pid 5904] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] <... rmdir resumed>) = 0 [pid 5907] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] mkdir("./147", 0777 [pid 5907] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... mkdir resumed>) = 0 [pid 5907] ftruncate(-1, 2 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5907] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... openat resumed>) = 3 [pid 5907] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5905] <... write resumed>) = 2097152 [pid 5907] <... mmap resumed>) = 0x20000000 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5907] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 170.082353][ T5908] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 170.111757][ T5908] UDF-fs: Scanning with blocksize 512 failed [pid 5018] close(3 [pid 5907] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... close resumed>) = 0 [pid 5907] memfd_create("syzkaller", 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5907] <... memfd_create resumed>) = 6 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5909 [pid 5908] <... mount resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5908] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5909 attached ) = 3 [pid 5907] <... mmap resumed>) = 0x7f362c399000 [pid 5905] munmap(0x7f362c399000, 2097152 [pid 5909] set_robust_list(0x555557506760, 24 [pid 5908] chdir("\x2e\x02") = 0 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5908] ioctl(4, LOOP_CLR_FD [pid 5909] chdir("./147") = 0 [pid 5908] <... ioctl resumed>) = 0 [pid 5905] <... munmap resumed>) = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5908] close(4 [pid 5905] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5909] <... prctl resumed>) = 0 [pid 5908] <... close resumed>) = 0 [pid 5905] <... openat resumed>) = 7 [pid 5904] <... write resumed>) = 2097152 [pid 5909] setpgid(0, 0 [pid 5908] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5907] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5906] <... write resumed>) = 2097152 [pid 5905] ioctl(7, LOOP_SET_FD, 6 [pid 5904] munmap(0x7f362c399000, 2097152 [pid 5909] <... setpgid resumed>) = 0 [pid 5908] <... open resumed>) = 4 [pid 5908] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5908] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5908] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5908] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [ 170.164510][ T5908] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5908] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5906] munmap(0x7f362c399000, 2097152 [pid 5905] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5908] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5908] memfd_create("syzkaller", 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5908] <... memfd_create resumed>) = 6 [pid 5904] <... munmap resumed>) = 0 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5909] <... openat resumed>) = 3 [pid 5906] <... munmap resumed>) = 0 [pid 5905] ioctl(7, LOOP_CLR_FD [pid 5904] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5905] <... ioctl resumed>) = 0 [pid 5909] write(3, "1000", 4 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5909] <... write resumed>) = 4 [pid 5907] <... write resumed>) = 2097152 [pid 5906] <... openat resumed>) = 7 [pid 5904] <... openat resumed>) = 7 [pid 5909] close(3 [pid 5907] munmap(0x7f362c399000, 2097152 [pid 5906] ioctl(7, LOOP_SET_FD, 6 [pid 5905] ioctl(7, LOOP_SET_FD, 6 [pid 5904] ioctl(7, LOOP_SET_FD, 6 [pid 5909] <... close resumed>) = 0 [pid 5907] <... munmap resumed>) = 0 [pid 5906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5904] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] symlink("/dev/binderfs", "./binderfs" [pid 5907] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5906] ioctl(7, LOOP_CLR_FD [pid 5905] close(7 [pid 5904] ioctl(7, LOOP_CLR_FD [pid 5909] <... symlink resumed>) = 0 [pid 5906] <... ioctl resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5904] <... ioctl resumed>) = 0 [pid 5905] close(6 [pid 5909] memfd_create("syzkaller", 0 [pid 5905] <... close resumed>) = 0 [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5906] ioctl(7, LOOP_SET_FD, 6 [pid 5909] <... mmap resumed>) = 0x7f3634699000 [pid 5906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] <... openat resumed>) = 7 [pid 5907] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5907] ioctl(7, LOOP_CLR_FD) = 0 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5906] close(7 [pid 5904] ioctl(7, LOOP_SET_FD, 6 [pid 5906] <... close resumed>) = 0 [pid 5904] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] ioctl(7, LOOP_SET_FD, 6 [pid 5906] close(6 [pid 5904] close(7 [pid 5907] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] close(7) = 0 [pid 5907] close(6 [pid 5906] <... close resumed>) = 0 [pid 5904] <... close resumed>) = 0 [pid 5904] close(6 [pid 5908] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5905] exit_group(0) = ? [pid 5906] exit_group(0) = ? [pid 5907] <... close resumed>) = 0 [pid 5907] exit_group(0) = ? [pid 5904] <... close resumed>) = 0 [pid 5905] +++ exited with 0 +++ [pid 5904] exit_group(0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=6 /* 0.06 s */} --- [pid 5904] <... exit_group resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ [pid 5015] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5015] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] <... write resumed>) = 2097152 [pid 5904] +++ exited with 0 +++ [pid 5016] <... restart_syscall resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5015] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5909] <... write resumed>) = 1048576 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5909] munmap(0x7f3634699000, 1048576 [pid 5016] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] <... munmap resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5909] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(3, "", [pid 5015] newfstatat(AT_FDCWD, "./145/binderfs", [pid 5014] <... openat resumed>) = 3 [pid 5909] <... openat resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(3, "", [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5019] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(3, [pid 5015] unlink("./145/binderfs" [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... unlink resumed>) = 0 [pid 5014] getdents64(3, [pid 5016] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(AT_FDCWD, "./143/binderfs", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] <... ioctl resumed>) = 0 [pid 5908] munmap(0x7f362c399000, 2097152 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./143/binderfs", [pid 5909] close(3 [pid 5019] newfstatat(3, "", [pid 5016] unlink("./143/binderfs" [pid 5015] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] unlink("./143/binderfs" [pid 5909] mkdir("\x2e\x02", 0777 [pid 5019] getdents64(3, [pid 5016] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5014] <... unlink resumed>) = 0 [pid 5909] <... mkdir resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5909] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5019] newfstatat(AT_FDCWD, "./148/binderfs", [pid 5908] <... openat resumed>) = 7 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5908] ioctl(7, LOOP_SET_FD, 6 [pid 5019] unlink("./148/binderfs" [pid 5908] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... unlink resumed>) = 0 [pid 5908] ioctl(7, LOOP_CLR_FD [pid 5019] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] <... ioctl resumed>) = 0 [pid 5908] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [ 170.359073][ T5909] loop4: detected capacity change from 0 to 2048 [pid 5908] close(7) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5908] close(6 [pid 5016] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... umount2 resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5019] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(4, "", [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... openat resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] getdents64(4, [pid 5019] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(4, "", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5908] <... close resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] getdents64(4, [pid 5015] getdents64(4, [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", [pid 5019] <... openat resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5015] close(4 [pid 5014] umount2("\x2e\x2f\x31\x34\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] getdents64(4, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5908] exit_group(0) = ? [pid 5016] close(4 [pid 5015] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02" [pid 5019] getdents64(4, [pid 5016] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... openat resumed>) = 4 [pid 5019] close(4 [pid 5909] <... mount resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] getdents64(3, [pid 5014] newfstatat(4, "", [pid 5909] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5016] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] close(3 [pid 5019] getdents64(3, [pid 5016] close(3 [pid 5014] getdents64(4, [pid 5909] <... openat resumed>) = 3 [pid 5908] +++ exited with 0 +++ [pid 5015] <... close resumed>) = 0 [ 170.411932][ T5909] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 170.434196][ T5909] UDF-fs: Scanning with blocksize 512 failed [ 170.450962][ T5909] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5909] chdir("\x2e\x02" [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] rmdir("./145" [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5909] <... chdir resumed>) = 0 [pid 5019] close(3 [pid 5016] rmdir("./143" [pid 5015] <... rmdir resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5016] <... rmdir resumed>) = 0 [pid 5909] ioctl(4, LOOP_CLR_FD [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5019] rmdir("./148" [pid 5014] getdents64(4, [pid 5909] <... ioctl resumed>) = 0 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5015] mkdir("./146", 0777 [pid 5019] <... rmdir resumed>) = 0 [pid 5909] close(4 [pid 5016] mkdir("./144", 0777 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5909] <... close resumed>) = 0 [pid 5017] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(4 [pid 5016] <... mkdir resumed>) = 0 [pid 5909] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... close resumed>) = 0 [pid 5019] mkdir("./149", 0777 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5014] rmdir("\x2e\x2f\x31\x34\x33\x2f\x2e\x02" [pid 5017] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... mkdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5909] <... open resumed>) = 4 [pid 5909] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] newfstatat(3, "", [pid 5016] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] getdents64(3, [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5909] <... mount resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... openat resumed>) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] getdents64(3, [pid 5909] <... open resumed>) = 5 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] close(3 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] close(3 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] <... close resumed>) = 0 [pid 5909] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] close(3 [pid 5017] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5909] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... close resumed>) = 0 [pid 5014] rmdir("./143" [pid 5909] ftruncate(-1, 2 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] close(3 [pid 5909] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5014] <... rmdir resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5909] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5910 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] mkdir("./144", 0777 [pid 5909] <... mmap resumed>) = 0x20000000 [pid 5017] unlink("./144/binderfs" [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5910 attached [pid 5017] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5909] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5910] set_robust_list(0x555557506760, 24 [pid 5909] <... open resumed>) = -1 EFAULT (Bad address) [pid 5910] <... set_robust_list resumed>) = 0 [pid 5910] chdir("./149" [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5017] <... umount2 resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5911 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5912 [pid 5014] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5911 attached [pid 5910] <... chdir resumed>) = 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5017] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5911] set_robust_list(0x555557506760, 24 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] <... set_robust_list resumed>) = 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", ./strace-static-x86_64: Process 5912 attached [pid 5911] chdir("./144" [pid 5910] <... prctl resumed>) = 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5912] set_robust_list(0x555557506760, 24 [pid 5911] <... chdir resumed>) = 0 [pid 5910] setpgid(0, 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5017] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5910] <... setpgid resumed>) = 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5912] chdir("./146" [pid 5911] <... prctl resumed>) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] close(3 [pid 5912] <... chdir resumed>) = 0 [pid 5911] setpgid(0, 0 [pid 5910] <... openat resumed>) = 3 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5017] <... openat resumed>) = 4 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5911] <... setpgid resumed>) = 0 [pid 5910] write(3, "1000", 4 [pid 5014] <... close resumed>) = 0 [pid 5912] <... prctl resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5910] <... write resumed>) = 4 [pid 5909] memfd_create("syzkaller", 0 [pid 5017] newfstatat(4, "", [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5912] setpgid(0, 0 [pid 5911] <... openat resumed>) = 3 [pid 5910] close(3 [pid 5909] <... memfd_create resumed>) = 6 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5912] <... setpgid resumed>) = 0 [pid 5910] <... close resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5910] symlink("/dev/binderfs", "./binderfs" [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] <... openat resumed>) = 3 [pid 5911] write(3, "1000", 4 [pid 5910] <... symlink resumed>) = 0 [pid 5017] getdents64(4, ./strace-static-x86_64: Process 5913 attached [pid 5912] write(3, "1000", 4 [pid 5911] <... write resumed>) = 4 [pid 5910] memfd_create("syzkaller", 0 [pid 5909] <... mmap resumed>) = 0x7f362c399000 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5913 [pid 5913] set_robust_list(0x555557506760, 24 [pid 5912] <... write resumed>) = 4 [pid 5911] close(3 [pid 5910] <... memfd_create resumed>) = 3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5912] close(3 [pid 5911] <... close resumed>) = 0 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5017] getdents64(4, [pid 5913] chdir("./144" [pid 5912] <... close resumed>) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs" [pid 5910] <... mmap resumed>) = 0x7f3634699000 [pid 5909] exit_group(0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5913] <... chdir resumed>) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5911] <... symlink resumed>) = 0 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5909] <... exit_group resumed>) = ? [pid 5017] close(4 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5912] <... symlink resumed>) = 0 [pid 5911] memfd_create("syzkaller", 0 [pid 5909] +++ exited with 0 +++ [pid 5017] <... close resumed>) = 0 [pid 5913] <... prctl resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5911] <... memfd_create resumed>) = 3 [pid 5017] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5913] setpgid(0, 0 [pid 5912] <... memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5913] <... setpgid resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5911] <... mmap resumed>) = 0x7f3634699000 [pid 5018] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5912] <... mmap resumed>) = 0x7f3634699000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5913] <... openat resumed>) = 3 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] getdents64(3, [pid 5913] write(3, "1000", 4 [pid 5911] <... write resumed>) = 1048576 [pid 5910] <... write resumed>) = 1048576 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5913] <... write resumed>) = 4 [pid 5911] munmap(0x7f3634699000, 1048576 [pid 5910] munmap(0x7f3634699000, 1048576 [pid 5017] close(3 [pid 5913] close(3 [pid 5911] <... munmap resumed>) = 0 [pid 5910] <... munmap resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5017] <... close resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5910] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] rmdir("./144" [pid 5913] symlink("/dev/binderfs", "./binderfs" [pid 5911] <... openat resumed>) = 4 [pid 5910] <... openat resumed>) = 4 [pid 5018] getdents64(3, [pid 5017] <... rmdir resumed>) = 0 [pid 5913] <... symlink resumed>) = 0 [pid 5912] <... write resumed>) = 1048576 [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] mkdir("./145", 0777 [pid 5913] memfd_create("syzkaller", 0 [pid 5912] munmap(0x7f3634699000, 1048576 [pid 5017] <... mkdir resumed>) = 0 [pid 5913] <... memfd_create resumed>) = 3 [pid 5912] <... munmap resumed>) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5911] close(3 [pid 5017] <... openat resumed>) = 3 [pid 5913] <... mmap resumed>) = 0x7f3634699000 [pid 5912] <... openat resumed>) = 4 [pid 5911] <... close resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5911] mkdir("\x2e\x02", 0777 [pid 5910] <... ioctl resumed>) = 0 [pid 5018] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5911] <... mkdir resumed>) = 0 [pid 5910] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5910] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./147/binderfs", [pid 5910] mkdir("\x2e\x02", 0777 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5910] <... mkdir resumed>) = 0 [pid 5018] unlink("./147/binderfs" [pid 5910] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... unlink resumed>) = 0 [pid 5017] close(3 [pid 5913] <... write resumed>) = 1048576 [pid 5912] <... ioctl resumed>) = 0 [pid 5911] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5017] <... close resumed>) = 0 [pid 5912] close(3 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5912] <... close resumed>) = 0 [pid 5913] munmap(0x7f3634699000, 1048576 [pid 5912] mkdir("\x2e\x02", 0777 [pid 5018] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5914 [pid 5913] <... munmap resumed>) = 0 [pid 5912] <... mkdir resumed>) = 0 [ 170.629665][ T5911] loop2: detected capacity change from 0 to 2048 [ 170.637687][ T5910] loop5: detected capacity change from 0 to 2048 [ 170.649588][ T5912] loop1: detected capacity change from 0 to 2048 [ 170.660010][ T5910] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5912] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] <... umount2 resumed>) = 0 [pid 5913] <... openat resumed>) = 4 [pid 5018] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5914 attached [pid 5913] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] set_robust_list(0x555557506760, 24 [pid 5913] <... ioctl resumed>) = 0 [pid 5913] close(3) = 0 [pid 5913] mkdir("\x2e\x02", 0777 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5913] <... mkdir resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", [pid 5913] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5914] chdir("./145" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 170.674099][ T5911] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 170.686544][ T5913] loop0: detected capacity change from 0 to 2048 [ 170.700382][ T5910] UDF-fs: Scanning with blocksize 512 failed [ 170.707019][ T5912] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 170.718652][ T5911] UDF-fs: Scanning with blocksize 512 failed [pid 5914] <... chdir resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5910] <... mount resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... prctl resumed>) = 0 [pid 5910] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5914] setpgid(0, 0 [pid 5910] <... openat resumed>) = 3 [pid 5914] <... setpgid resumed>) = 0 [pid 5910] chdir("\x2e\x02" [pid 5018] <... openat resumed>) = 4 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] newfstatat(4, "", [pid 5910] <... chdir resumed>) = 0 [pid 5910] ioctl(4, LOOP_CLR_FD [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] <... openat resumed>) = 3 [pid 5018] getdents64(4, [pid 5910] <... ioctl resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5914] write(3, "1000", 4 [pid 5910] close(4) = 0 [pid 5910] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5914] <... write resumed>) = 4 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5914] close(3 [pid 5018] close(4 [pid 5910] <... open resumed>) = 4 [ 170.720093][ T5910] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.727739][ T5913] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 170.736191][ T5912] UDF-fs: Scanning with blocksize 512 failed [ 170.756393][ T27] kauditd_printk_skb: 26 callbacks suppressed [pid 5914] <... close resumed>) = 0 [pid 5910] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... close resumed>) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs" [pid 5910] <... mount resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x34\x37\x2f\x2e\x02" [pid 5914] <... symlink resumed>) = 0 [pid 5910] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... rmdir resumed>) = 0 [pid 5910] <... open resumed>) = 5 [pid 5914] memfd_create("syzkaller", 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5910] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5018] close(3 [pid 5910] ftruncate(-1, 2 [pid 5914] <... memfd_create resumed>) = 3 [pid 5910] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... close resumed>) = 0 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5910] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] rmdir("./147") = 0 [pid 5018] mkdir("./148", 0777) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3 [pid 5910] <... mmap resumed>) = 0x20000000 [pid 5914] <... mmap resumed>) = 0x7f3634699000 [pid 5018] <... close resumed>) = 0 [pid 5910] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5910] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5915 ./strace-static-x86_64: Process 5915 attached [pid 5915] set_robust_list(0x555557506760, 24) = 0 [pid 5915] chdir("./148") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5910] memfd_create("syzkaller", 0) = 6 [pid 5915] <... prctl resumed>) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5912] <... mount resumed>) = 0 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5910] <... mmap resumed>) = 0x7f362c399000 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5912] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5915] close(3) = 0 [pid 5911] <... mount resumed>) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs" [pid 5911] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5915] <... symlink resumed>) = 0 [pid 5911] <... openat resumed>) = 3 [pid 5915] memfd_create("syzkaller", 0 [pid 5911] chdir("\x2e\x02" [pid 5915] <... memfd_create resumed>) = 3 [pid 5912] <... openat resumed>) = 3 [pid 5911] <... chdir resumed>) = 0 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5912] chdir("\x2e\x02" [pid 5911] ioctl(4, LOOP_CLR_FD [pid 5915] <... mmap resumed>) = 0x7f3634699000 [pid 5912] <... chdir resumed>) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5912] ioctl(4, LOOP_CLR_FD [ 170.756407][ T27] audit: type=1800 audit(1692541374.418:878): pid=5910 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 170.757329][ T5913] UDF-fs: Scanning with blocksize 512 failed [ 170.782432][ T5912] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.802997][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.803709][ T5913] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5911] close(4 [pid 5912] <... ioctl resumed>) = 0 [pid 5911] <... close resumed>) = 0 [pid 5912] close(4 [pid 5911] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5912] <... close resumed>) = 0 [pid 5911] <... open resumed>) = 4 [pid 5911] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5911] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5911] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5911] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5911] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5911] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5911] memfd_create("syzkaller", 0) = 6 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5912] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5914] <... write resumed>) = 1048576 [pid 5912] <... open resumed>) = 4 [pid 5914] munmap(0x7f3634699000, 1048576 [pid 5912] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5912] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5915] <... write resumed>) = 1048576 [pid 5914] <... munmap resumed>) = 0 [pid 5912] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5913] <... mount resumed>) = 0 [pid 5914] <... openat resumed>) = 4 [pid 5913] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5912] ftruncate(-1, 2 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5913] <... openat resumed>) = 3 [pid 5912] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [ 170.866083][ T27] audit: type=1800 audit(1692541374.528:879): pid=5911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5912] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5915] munmap(0x7f3634699000, 1048576 [pid 5913] chdir("\x2e\x02" [pid 5912] <... mmap resumed>) = 0x20000000 [pid 5913] <... chdir resumed>) = 0 [pid 5912] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5913] ioctl(4, LOOP_CLR_FD [pid 5912] <... open resumed>) = -1 EFAULT (Bad address) [pid 5915] <... munmap resumed>) = 0 [pid 5913] <... ioctl resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5913] close(4 [pid 5912] <... memfd_create resumed>) = 6 [pid 5910] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5914] <... ioctl resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5915] ioctl(4, LOOP_SET_FD, 3 [pid 5914] close(3 [pid 5913] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5912] <... mmap resumed>) = 0x7f362c399000 [pid 5914] <... close resumed>) = 0 [pid 5911] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2085289 [pid 5914] mkdir("\x2e\x02", 0777 [pid 5913] <... open resumed>) = 4 [pid 5914] <... mkdir resumed>) = 0 [pid 5913] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5914] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5913] <... mount resumed>) = 0 [ 170.908824][ T5914] loop3: detected capacity change from 0 to 2048 [ 170.927265][ T5915] loop4: detected capacity change from 0 to 2048 [pid 5913] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5915] <... ioctl resumed>) = 0 [pid 5915] close(3) = 0 [pid 5915] mkdir("\x2e\x02", 0777) = 0 [pid 5913] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5913] ftruncate(-1, 2 [pid 5915] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5913] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5913] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5913] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5913] memfd_create("syzkaller", 0) = 6 [ 170.953634][ T27] audit: type=1800 audit(1692541374.548:880): pid=5912 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 170.956366][ T5914] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5911] <... write resumed>) = 2085289 [pid 5912] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2089349 [pid 5911] munmap(0x7f362c399000, 2085289 [pid 5910] <... write resumed>) = 2097152 [ 171.000092][ T5915] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 171.023955][ T5915] UDF-fs: Scanning with blocksize 512 failed [pid 5913] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5912] <... write resumed>) = 2089349 [pid 5910] munmap(0x7f362c399000, 2097152 [pid 5911] <... munmap resumed>) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 5911] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5911] ioctl(7, LOOP_CLR_FD) = 0 [pid 5911] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5911] close(7) = 0 [pid 5911] close(6 [pid 5910] <... munmap resumed>) = 0 [pid 5912] munmap(0x7f362c399000, 2089349 [pid 5910] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5910] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5912] <... munmap resumed>) = 0 [ 171.041873][ T27] audit: type=1800 audit(1692541374.608:881): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop0" ino=851 res=0 errno=0 [ 171.061102][ T5914] UDF-fs: Scanning with blocksize 512 failed [pid 5912] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5910] ioctl(7, LOOP_CLR_FD) = 0 [pid 5912] <... openat resumed>) = 7 [pid 5912] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5912] ioctl(7, LOOP_CLR_FD) = 0 [pid 5910] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5910] close(7) = 0 [pid 5912] ioctl(7, LOOP_SET_FD, 6 [pid 5910] close(6 [pid 5912] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5911] <... close resumed>) = 0 [pid 5912] close(7) = 0 [pid 5911] exit_group(0 [pid 5913] <... write resumed>) = 2097152 [pid 5912] close(6 [pid 5911] <... exit_group resumed>) = ? [pid 5910] <... close resumed>) = 0 [pid 5911] +++ exited with 0 +++ [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5016] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5915] <... mount resumed>) = 0 [pid 5915] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5016] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] chdir("\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] <... chdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5915] ioctl(4, LOOP_CLR_FD [pid 5016] <... openat resumed>) = 3 [pid 5915] <... ioctl resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5915] close(4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5915] <... close resumed>) = 0 [pid 5016] getdents64(3, [pid 5915] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 171.095522][ T5915] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5915] <... open resumed>) = 4 [pid 5016] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] <... mount resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5915] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5915] <... open resumed>) = 5 [pid 5016] unlink("./144/binderfs" [pid 5915] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... unlink resumed>) = 0 [pid 5915] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5915] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5915] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5915] memfd_create("syzkaller", 0 [pid 5914] <... mount resumed>) = 0 [pid 5913] munmap(0x7f362c399000, 2097152 [pid 5912] <... close resumed>) = 0 [pid 5910] exit_group(0 [pid 5016] <... umount2 resumed>) = 0 [pid 5915] <... memfd_create resumed>) = 6 [pid 5914] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5914] <... openat resumed>) = 3 [pid 5915] <... mmap resumed>) = 0x7f362c399000 [pid 5914] chdir("\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... chdir resumed>) = 0 [pid 5913] <... munmap resumed>) = 0 [pid 5912] exit_group(0 [pid 5910] <... exit_group resumed>) = ? [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", [pid 5914] ioctl(4, LOOP_CLR_FD [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5912] <... exit_group resumed>) = ? [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5914] close(4 [pid 5910] +++ exited with 0 +++ [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 171.136154][ T27] audit: type=1800 audit(1692541374.798:882): pid=5915 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 171.136406][ T5914] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5016] <... openat resumed>) = 4 [pid 5914] <... open resumed>) = 4 [pid 5913] <... openat resumed>) = 7 [pid 5912] +++ exited with 0 +++ [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5016] newfstatat(4, "", [pid 5914] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... restart_syscall resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] <... mount resumed>) = 0 [pid 5016] getdents64(4, [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- [pid 5914] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5914] <... open resumed>) = 5 [pid 5019] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5914] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] close(4 [pid 5015] <... openat resumed>) = 3 [pid 5914] ftruncate(-1, 2 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... close resumed>) = 0 [pid 5015] newfstatat(3, "", [pid 5914] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] newfstatat(3, "", [pid 5016] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] getdents64(3, [pid 5914] <... mmap resumed>) = 0x20000000 [pid 5019] getdents64(3, [pid 5016] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5914] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5914] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5914] memfd_create("syzkaller", 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./146/binderfs", [pid 5914] <... memfd_create resumed>) = 6 [pid 5019] newfstatat(AT_FDCWD, "./149/binderfs", [pid 5016] rmdir("./144" [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] unlink("./146/binderfs" [pid 5915] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5914] <... mmap resumed>) = 0x7f362c399000 [pid 5913] ioctl(7, LOOP_SET_FD, 6 [pid 5019] unlink("./149/binderfs" [pid 5016] mkdir("./145", 0777 [pid 5015] <... unlink resumed>) = 0 [pid 5913] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... unlink resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5913] ioctl(7, LOOP_CLR_FD [ 171.196318][ T27] audit: type=1800 audit(1692541374.858:883): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 5019] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5913] <... ioctl resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] <... write resumed>) = 2097152 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] munmap(0x7f362c399000, 2097152 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", [pid 5016] close(3 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] <... munmap resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5916 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... openat resumed>) = 4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] newfstatat(4, "", [pid 5015] <... openat resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] newfstatat(4, "", [pid 5019] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, [pid 5019] getdents64(4, [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(4, [pid 5019] close(4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... close resumed>) = 0 [pid 5015] close(4./strace-static-x86_64: Process 5916 attached [pid 5019] rmdir("\x2e\x2f\x31\x34\x39\x2f\x2e\x02" [pid 5015] <... close resumed>) = 0 [pid 5916] set_robust_list(0x555557506760, 24 [pid 5915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] <... rmdir resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x34\x36\x2f\x2e\x02" [pid 5916] <... set_robust_list resumed>) = 0 [pid 5915] <... openat resumed>) = 7 [pid 5913] ioctl(7, LOOP_SET_FD, 6 [pid 5019] getdents64(3, [pid 5015] <... rmdir resumed>) = 0 [pid 5916] chdir("./145" [pid 5915] ioctl(7, LOOP_SET_FD, 6 [pid 5914] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5913] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5916] <... chdir resumed>) = 0 [pid 5915] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5913] close(7 [pid 5019] close(3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5915] ioctl(7, LOOP_CLR_FD [pid 5913] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5015] close(3 [pid 5916] <... prctl resumed>) = 0 [pid 5915] <... ioctl resumed>) = 0 [pid 5913] close(6 [pid 5019] rmdir("./149" [pid 5015] <... close resumed>) = 0 [pid 5916] setpgid(0, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5015] rmdir("./146" [pid 5916] <... setpgid resumed>) = 0 [pid 5019] mkdir("./150", 0777 [pid 5015] <... rmdir resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... mkdir resumed>) = 0 [pid 5015] mkdir("./147", 0777 [pid 5916] <... openat resumed>) = 3 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5015] <... mkdir resumed>) = 0 [pid 5916] write(3, "1000", 4 [pid 5019] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5916] <... write resumed>) = 4 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 5916] close(3 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5916] <... close resumed>) = 0 [pid 5019] close(3 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5916] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... close resumed>) = 0 [pid 5015] close(3 [pid 5916] <... symlink resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... close resumed>) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5915] ioctl(7, LOOP_SET_FD, 6 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5916] <... memfd_create resumed>) = 3 [pid 5915] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5917 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5918 [pid 5916] <... mmap resumed>) = 0x7f3634699000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5915] close(7 [pid 5916] <... write resumed>) = 1048576 [pid 5915] <... close resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5915] close(6./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x555557506760, 24./strace-static-x86_64: Process 5918 attached ) = 0 [pid 5915] <... close resumed>) = 0 [pid 5913] exit_group(0 [pid 5917] chdir("./150") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] set_robust_list(0x555557506760, 24 [pid 5915] exit_group(0 [pid 5913] <... exit_group resumed>) = ? [pid 5918] <... set_robust_list resumed>) = 0 [pid 5917] <... prctl resumed>) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5913] +++ exited with 0 +++ [pid 5918] chdir("./147" [pid 5917] <... openat resumed>) = 3 [pid 5915] <... exit_group resumed>) = ? [pid 5918] <... chdir resumed>) = 0 [pid 5917] write(3, "1000", 4 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5917] <... write resumed>) = 4 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5918] <... prctl resumed>) = 0 [pid 5917] close(3 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5918] setpgid(0, 0 [pid 5917] <... close resumed>) = 0 [pid 5918] <... setpgid resumed>) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs" [pid 5915] +++ exited with 0 +++ [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5917] <... symlink resumed>) = 0 [pid 5914] <... write resumed>) = 2097152 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5014] umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] <... openat resumed>) = 3 [pid 5917] memfd_create("syzkaller", 0 [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] write(3, "1000", 4 [pid 5917] <... memfd_create resumed>) = 3 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5014] openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5918] <... write resumed>) = 4 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5916] munmap(0x7f3634699000, 1048576 [pid 5014] <... openat resumed>) = 3 [pid 5917] <... mmap resumed>) = 0x7f3634699000 [pid 5916] <... munmap resumed>) = 0 [pid 5014] newfstatat(3, "", [pid 5918] close(3 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5916] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5918] <... close resumed>) = 0 [pid 5916] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] getdents64(3, [pid 5918] symlink("/dev/binderfs", "./binderfs" [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5018] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5918] <... symlink resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5014] umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] memfd_create("syzkaller", 0 [pid 5018] newfstatat(3, "", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... memfd_create resumed>) = 3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] newfstatat(AT_FDCWD, "./144/binderfs", [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] getdents64(3, [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... mmap resumed>) = 0x7f3634699000 [pid 5916] <... ioctl resumed>) = 0 [pid 5914] munmap(0x7f362c399000, 2097152 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] unlink("./144/binderfs" [pid 5018] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./148/binderfs", [pid 5014] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./148/binderfs") = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5916] close(3) = 0 [pid 5916] mkdir("\x2e\x02", 0777) = 0 [pid 5916] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5018] <... umount2 resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5914] <... munmap resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5917] <... write resumed>) = 1048576 [pid 5914] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... openat resumed>) = 4 [pid 5917] munmap(0x7f3634699000, 1048576 [pid 5914] <... openat resumed>) = 7 [pid 5018] newfstatat(4, "", [pid 5914] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5917] <... munmap resumed>) = 0 [pid 5914] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] getdents64(4, [pid 5917] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5914] ioctl(7, LOOP_CLR_FD [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5917] <... openat resumed>) = 4 [pid 5914] <... ioctl resumed>) = 0 [pid 5018] getdents64(4, [pid 5917] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4 [pid 5914] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... close resumed>) = 0 [pid 5914] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5914] close(7) = 0 [pid 5914] close(6 [pid 5018] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [ 171.415712][ T5916] loop2: detected capacity change from 0 to 2048 [ 171.444193][ T5916] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 171.457497][ T5917] loop5: detected capacity change from 0 to 2048 [pid 5018] rmdir("./148") = 0 [pid 5018] mkdir("./149", 0777 [pid 5918] <... write resumed>) = 1048576 [pid 5018] <... mkdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5918] munmap(0x7f3634699000, 1048576 [pid 5014] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5917] <... ioctl resumed>) = 0 [pid 5917] close(3 [pid 5018] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5917] <... close resumed>) = 0 [pid 5917] mkdir("\x2e\x02", 0777 [pid 5018] <... ioctl resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", [pid 5018] close(3) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] umount2("\x2e\x2f\x31\x34\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5919 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", [pid 5918] <... munmap resumed>) = 0 [pid 5914] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5917] <... mkdir resumed>) = 0 [pid 5014] getdents64(4, [pid 5917] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5914] exit_group(0./strace-static-x86_64: Process 5919 attached [pid 5918] <... openat resumed>) = 4 [pid 5914] <... exit_group resumed>) = ? [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5919] set_robust_list(0x555557506760, 24 [pid 5918] ioctl(4, LOOP_SET_FD, 3 [pid 5014] getdents64(4, [pid 5919] <... set_robust_list resumed>) = 0 [pid 5919] chdir("./149") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5919] setpgid(0, 0 [pid 5014] close(4 [pid 5919] <... setpgid resumed>) = 0 [pid 5918] <... ioctl resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5918] close(3 [pid 5014] rmdir("\x2e\x2f\x31\x34\x34\x2f\x2e\x02" [pid 5919] <... openat resumed>) = 3 [pid 5918] <... close resumed>) = 0 [pid 5919] write(3, "1000", 4) = 4 [pid 5918] mkdir("\x2e\x02", 0777 [pid 5014] <... rmdir resumed>) = 0 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] getdents64(3, [pid 5919] memfd_create("syzkaller", 0 [pid 5918] <... mkdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5918] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5014] close(3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5014] <... close resumed>) = 0 [pid 5014] rmdir("./144") = 0 [ 171.477916][ T5916] UDF-fs: Scanning with blocksize 512 failed [ 171.506506][ T5918] loop1: detected capacity change from 0 to 2048 [ 171.508995][ T5917] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5014] mkdir("./145", 0777 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] <... mkdir resumed>) = 0 [pid 5914] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5017] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5017] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... openat resumed>) = 3 [pid 5014] close(3 [pid 5017] newfstatat(3, "", [pid 5014] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5920 [pid 5017] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./145/binderfs") = 0 [ 171.538216][ T5918] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 171.539967][ T5916] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.556559][ T5918] UDF-fs: Scanning with blocksize 512 failed [ 171.574008][ T5917] UDF-fs: Scanning with blocksize 512 failed [pid 5017] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5919] <... write resumed>) = 1048576 [pid 5919] munmap(0x7f3634699000, 1048576) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5920 attached [pid 5920] set_robust_list(0x555557506760, 24) = 0 [pid 5920] chdir("./145") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5916] <... mount resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5916] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5920] <... openat resumed>) = 3 [pid 5916] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = 0 [pid 5916] chdir("\x2e\x02") = 0 [pid 5916] ioctl(4, LOOP_CLR_FD) = 0 [pid 5920] write(3, "1000", 4 [pid 5916] close(4) = 0 [ 171.585253][ T5918] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 171.592287][ T5919] loop4: detected capacity change from 0 to 2048 [ 171.613478][ T5917] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5916] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5920] <... write resumed>) = 4 [pid 5916] <... open resumed>) = 4 [pid 5017] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5916] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5916] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5916] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5916] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5916] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5916] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5919] <... ioctl resumed>) = 0 [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5919] close(3 [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5919] <... close resumed>) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5919] mkdir("\x2e\x02", 0777 [pid 5916] <... memfd_create resumed>) = 6 [pid 5919] <... mkdir resumed>) = 0 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5919] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5916] <... mmap resumed>) = 0x7f362c399000 [pid 5916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5916] exit_group(0) = ? [pid 5920] close(3 [pid 5916] +++ exited with 0 +++ [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] <... close resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5918] <... mount resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5920] <... symlink resumed>) = 0 [pid 5918] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5920] memfd_create("syzkaller", 0 [pid 5918] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5920] <... memfd_create resumed>) = 3 [pid 5918] chdir("\x2e\x02" [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5918] <... chdir resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5016] newfstatat(3, "", [pid 5920] <... mmap resumed>) = 0x7f3634699000 [pid 5918] ioctl(4, LOOP_CLR_FD [pid 5017] newfstatat(4, "", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5917] <... mount resumed>) = 0 [pid 5016] getdents64(3, [pid 5917] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5917] <... openat resumed>) = 3 [pid 5016] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5917] chdir("\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5917] <... chdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./145/binderfs", [pid 5917] ioctl(4, LOOP_CLR_FD [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5917] <... ioctl resumed>) = 0 [pid 5016] unlink("./145/binderfs" [pid 5917] close(4 [pid 5016] <... unlink resumed>) = 0 [pid 5917] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5918] <... ioctl resumed>) = 0 [pid 5917] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5918] close(4 [pid 5917] <... open resumed>) = 4 [pid 5017] getdents64(4, [pid 5016] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] <... close resumed>) = 0 [pid 5917] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5917] <... mount resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5917] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] getdents64(4, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] <... open resumed>) = 4 [pid 5917] <... open resumed>) = 5 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [ 171.626354][ T27] audit: type=1800 audit(1692541375.288:884): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [ 171.655219][ T5919] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5918] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5917] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] close(4 [pid 5016] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] <... mount resumed>) = 0 [pid 5917] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] <... write resumed>) = 1048576 [pid 5918] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5917] ftruncate(-1, 2 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5920] munmap(0x7f3634699000, 1048576 [pid 5918] <... open resumed>) = 5 [pid 5917] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02" [pid 5016] <... openat resumed>) = 4 [pid 5918] openat(AT_FDCWD, NULL, O_RDWR [pid 5917] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] newfstatat(4, "", [pid 5918] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5917] <... mmap resumed>) = 0x20000000 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5918] ftruncate(-1, 2 [pid 5917] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] getdents64(4, [pid 5918] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5917] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] getdents64(3, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5918] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5016] getdents64(4, [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5016] close(4 [pid 5918] <... mmap resumed>) = 0x20000000 [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... close resumed>) = 0 [pid 5918] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5920] <... munmap resumed>) = 0 [pid 5017] close(3 [pid 5016] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02" [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5918] <... open resumed>) = -1 EFAULT (Bad address) [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5017] <... close resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5017] rmdir("./145" [pid 5016] getdents64(3, [pid 5920] <... openat resumed>) = 4 [pid 5918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5920] ioctl(4, LOOP_SET_FD, 3 [pid 5918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5917] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5017] <... rmdir resumed>) = 0 [pid 5016] close(3 [pid 5918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5917] memfd_create("syzkaller", 0 [pid 5017] mkdir("./146", 0777 [pid 5016] <... close resumed>) = 0 [pid 5917] <... memfd_create resumed>) = 6 [pid 5016] rmdir("./145" [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5917] <... mmap resumed>) = 0x7f362c399000 [ 171.691652][ T27] audit: type=1800 audit(1692541375.348:885): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 171.713431][ T5919] UDF-fs: Scanning with blocksize 512 failed [ 171.731258][ T5920] loop0: detected capacity change from 0 to 2048 [pid 5016] mkdir("./146", 0777 [pid 5017] <... mkdir resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... openat resumed>) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5017] <... openat resumed>) = 3 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] close(3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] <... close resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] close(3) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5921 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5920] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5921 attached [ 171.734258][ T5917] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 171.758544][ T5919] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5921] set_robust_list(0x555557506760, 24 [pid 5920] close(3 [pid 5918] memfd_create("syzkaller", 0 [pid 5917] munmap(0x7f362c399000, 138412032./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x555557506760, 24) = 0 [pid 5922] chdir("./146" [pid 5921] <... set_robust_list resumed>) = 0 [pid 5920] <... close resumed>) = 0 [pid 5917] <... munmap resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5922 [pid 5920] mkdir("\x2e\x02", 0777 [pid 5921] chdir("./146" [pid 5918] <... memfd_create resumed>) = 6 [pid 5919] <... mount resumed>) = 0 [pid 5920] <... mkdir resumed>) = 0 [pid 5919] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] <... chdir resumed>) = 0 [pid 5917] close(6 [pid 5919] <... openat resumed>) = 3 [pid 5919] chdir("\x2e\x02") = 0 [pid 5918] <... mmap resumed>) = 0x7f362c399000 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5919] ioctl(4, LOOP_CLR_FD [pid 5917] <... close resumed>) = 0 [pid 5919] <... ioctl resumed>) = 0 [pid 5919] close(4) = 0 [pid 5919] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5922] <... chdir resumed>) = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5921] <... prctl resumed>) = 0 [pid 5919] <... open resumed>) = 4 [pid 5917] exit_group(0 [pid 5920] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5921] setpgid(0, 0 [pid 5919] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5917] <... exit_group resumed>) = ? [pid 5919] <... mount resumed>) = 0 [pid 5919] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5921] <... setpgid resumed>) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [ 171.774541][ T27] audit: type=1800 audit(1692541375.348:886): pid=5918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5919] <... open resumed>) = 5 [pid 5917] +++ exited with 0 +++ [pid 5919] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5919] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5919] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5922] <... write resumed>) = 1048576 [pid 5919] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5919] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5019] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5919] memfd_create("syzkaller", 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5919] <... memfd_create resumed>) = 6 [pid 5019] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... openat resumed>) = 3 [pid 5919] <... mmap resumed>) = 0x7f362c399000 [pid 5019] newfstatat(3, "", [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./150/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5922] munmap(0x7f3634699000, 1048576 [pid 5019] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5922] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5922] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 171.849609][ T5920] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5019] newfstatat(4, "", [pid 5922] <... openat resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [pid 5019] getdents64(4, [pid 5921] <... write resumed>) = 1048576 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, [pid 5921] munmap(0x7f3634699000, 1048576 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x30\x2f\x2e\x02") = 0 [pid 5921] <... munmap resumed>) = 0 [pid 5019] getdents64(3, [pid 5921] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3 [pid 5921] <... openat resumed>) = 4 [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./150" [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./151", 0777) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5922] <... ioctl resumed>) = 0 [pid 5922] close(3) = 0 [pid 5922] mkdir("\x2e\x02", 0777) = 0 [pid 5921] <... ioctl resumed>) = 0 [pid 5922] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5921] close(3) = 0 [pid 5919] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 171.901744][ T5922] loop3: detected capacity change from 0 to 2048 [ 171.904046][ T5920] UDF-fs: Scanning with blocksize 512 failed [ 171.908488][ T27] audit: type=1800 audit(1692541375.478:887): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 171.941945][ T5921] loop2: detected capacity change from 0 to 2048 [pid 5921] mkdir("\x2e\x02", 0777) = 0 [pid 5921] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5019] <... openat resumed>) = 3 [pid 5918] <... write resumed>) = 2097152 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3 [pid 5918] munmap(0x7f362c399000, 2097152 [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5923 [pid 5918] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5923 attached [pid 5918] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5923] set_robust_list(0x555557506760, 24) = 0 [pid 5923] chdir("./151" [pid 5918] <... openat resumed>) = 7 [pid 5923] <... chdir resumed>) = 0 [pid 5918] ioctl(7, LOOP_SET_FD, 6 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] <... prctl resumed>) = 0 [pid 5918] ioctl(7, LOOP_CLR_FD [pid 5923] setpgid(0, 0 [pid 5918] <... ioctl resumed>) = 0 [ 171.987227][ T5922] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 171.987481][ T5921] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 172.017272][ T5922] UDF-fs: Scanning with blocksize 512 failed [ 172.018686][ T5920] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5923] <... setpgid resumed>) = 0 [pid 5919] <... write resumed>) = 2097152 [pid 5919] munmap(0x7f362c399000, 2097152 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4 [pid 5918] ioctl(7, LOOP_SET_FD, 6 [pid 5923] <... write resumed>) = 4 [pid 5918] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5919] <... munmap resumed>) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 7 [pid 5919] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5919] ioctl(7, LOOP_CLR_FD [pid 5923] close(3 [pid 5919] <... ioctl resumed>) = 0 [pid 5918] close(7 [pid 5923] <... close resumed>) = 0 [pid 5918] <... close resumed>) = 0 [pid 5919] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5919] close(7) = 0 [pid 5919] close(6 [pid 5923] symlink("/dev/binderfs", "./binderfs" [pid 5918] close(6 [pid 5923] <... symlink resumed>) = 0 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5922] <... mount resumed>) = 0 [pid 5922] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("\x2e\x02") = 0 [pid 5922] ioctl(4, LOOP_CLR_FD) = 0 [pid 5922] close(4 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5922] <... close resumed>) = 0 [pid 5922] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 172.056759][ T5921] UDF-fs: Scanning with blocksize 512 failed [ 172.067142][ T5922] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 172.080012][ T5920] UDF-fs: Scanning with blocksize 1024 failed [ 172.090673][ T5920] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5922] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5922] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5922] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5922] ftruncate(-1, 2 [pid 5919] <... close resumed>) = 0 [pid 5922] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5919] exit_group(0 [pid 5922] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5919] <... exit_group resumed>) = ? [pid 5922] <... mmap resumed>) = 0x20000000 [pid 5918] <... close resumed>) = 0 [pid 5922] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5919] +++ exited with 0 +++ [pid 5922] <... open resumed>) = -1 EFAULT (Bad address) [pid 5922] memfd_create("syzkaller", 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5918] exit_group(0 [pid 5018] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5918] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5923] <... write resumed>) = 1048576 [pid 5918] +++ exited with 0 +++ [pid 5018] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5923] munmap(0x7f3634699000, 1048576 [pid 5922] <... memfd_create resumed>) = 6 [pid 5018] <... openat resumed>) = 3 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] newfstatat(3, "", [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5923] <... munmap resumed>) = 0 [pid 5922] <... mmap resumed>) = 0x7f362c399000 [pid 5921] <... mount resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... restart_syscall resumed>) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5921] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] getdents64(3, [pid 5923] <... openat resumed>) = 4 [pid 5921] <... openat resumed>) = 3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5921] chdir("\x2e\x02" [ 172.136574][ T5921] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 172.157499][ T5920] UDF-fs: Scanning with blocksize 2048 failed [pid 5018] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./149/binderfs", [pid 5015] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5018] unlink("./149/binderfs" [pid 5015] newfstatat(3, "", [pid 5018] <... unlink resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5921] <... chdir resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5923] <... ioctl resumed>) = 0 [pid 5921] ioctl(4, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = 0 [pid 5015] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5923] close(3 [pid 5921] <... ioctl resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5923] <... close resumed>) = 0 [pid 5921] close(4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./147/binderfs", [pid 5923] mkdir("\x2e\x02", 0777 [pid 5921] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5923] <... mkdir resumed>) = 0 [pid 5921] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./147/binderfs" [pid 5923] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5921] <... open resumed>) = 4 [pid 5018] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... unlink resumed>) = 0 [pid 5921] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5921] <... mount resumed>) = 0 [ 172.188211][ T5923] loop5: detected capacity change from 0 to 2048 [ 172.204147][ T5920] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x34\x39\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5018] rmdir("./149" [pid 5921] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... rmdir resumed>) = 0 [pid 5921] <... open resumed>) = 5 [pid 5018] mkdir("./150", 0777 [pid 5921] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... mkdir resumed>) = 0 [pid 5921] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5921] ftruncate(-1, 2 [pid 5018] <... openat resumed>) = 3 [pid 5921] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5921] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... umount2 resumed>) = 0 [pid 5921] <... mmap resumed>) = 0x20000000 [pid 5018] close(3 [pid 5921] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... close resumed>) = 0 [pid 5921] <... open resumed>) = -1 EFAULT (Bad address) [pid 5920] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5921] memfd_create("syzkaller", 0) = 6 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5924 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", ./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x555557506760, 24) = 0 [pid 5924] chdir("./150") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5921] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5924] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5924] write(3, "1000", 4) = 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5924] close(3 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... close resumed>) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs" [pid 5015] <... openat resumed>) = 4 [pid 5924] <... symlink resumed>) = 0 [pid 5924] memfd_create("syzkaller", 0 [pid 5015] newfstatat(4, "", [pid 5924] <... memfd_create resumed>) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5924] <... mmap resumed>) = 0x7f3634699000 [pid 5920] ioctl(4, LOOP_CLR_FD [pid 5015] getdents64(4, [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5920] <... ioctl resumed>) = 0 [pid 5920] close(4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5922] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5920] <... close resumed>) = 0 [ 172.229414][ T5923] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 172.256623][ T5920] UDF-fs: Scanning with blocksize 4096 failed [ 172.267364][ T5923] UDF-fs: Scanning with blocksize 512 failed [pid 5920] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 5920] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5920] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5920] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5920] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5920] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 5920] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] getdents64(4, [pid 5920] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5920] memfd_create("syzkaller", 0 [pid 5015] close(4 [pid 5920] <... memfd_create resumed>) = 5 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... close resumed>) = 0 [pid 5920] <... mmap resumed>) = 0x7f362c399000 [pid 5015] rmdir("\x2e\x2f\x31\x34\x37\x2f\x2e\x02" [pid 5924] <... write resumed>) = 1048576 [pid 5923] <... mount resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5923] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5924] munmap(0x7f3634699000, 1048576 [pid 5015] getdents64(3, [pid 5923] <... openat resumed>) = 3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5923] chdir("\x2e\x02" [pid 5924] <... munmap resumed>) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./147" [pid 5923] <... chdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5923] ioctl(4, LOOP_CLR_FD [pid 5015] mkdir("./148", 0777) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5923] <... ioctl resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [ 172.293898][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5923] close(4 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5923] <... close resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5923] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] close(3) = 0 [pid 5923] <... open resumed>) = 4 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5923] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5924] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3 [pid 5923] <... mount resumed>) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5925 ./strace-static-x86_64: Process 5925 attached [pid 5923] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5925] set_robust_list(0x555557506760, 24 [pid 5923] <... open resumed>) = 5 [pid 5925] <... set_robust_list resumed>) = 0 [pid 5923] openat(AT_FDCWD, NULL, O_RDWR [pid 5921] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] chdir("./148" [pid 5923] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5925] <... chdir resumed>) = 0 [pid 5923] ftruncate(-1, 2 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5923] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5925] <... prctl resumed>) = 0 [pid 5923] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5925] setpgid(0, 0 [pid 5923] <... mmap resumed>) = 0x20000000 [pid 5922] <... write resumed>) = 2097152 [pid 5925] <... setpgid resumed>) = 0 [pid 5923] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5923] <... open resumed>) = -1 EFAULT (Bad address) [pid 5922] munmap(0x7f362c399000, 2097152 [pid 5923] memfd_create("syzkaller", 0 [pid 5925] <... openat resumed>) = 3 [pid 5923] <... memfd_create resumed>) = 6 [pid 5925] write(3, "1000", 4 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] <... write resumed>) = 4 [pid 5923] <... mmap resumed>) = 0x7f362c399000 [pid 5922] <... munmap resumed>) = 0 [pid 5925] close(3 [pid 5924] <... ioctl resumed>) = 0 [pid 5924] close(3) = 0 [pid 5924] mkdir("\x2e\x02", 0777 [pid 5925] <... close resumed>) = 0 [pid 5924] <... mkdir resumed>) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs" [pid 5924] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5920] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5925] <... symlink resumed>) = 0 [pid 5925] memfd_create("syzkaller", 0 [pid 5922] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5925] <... memfd_create resumed>) = 3 [pid 5922] <... openat resumed>) = 7 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5922] ioctl(7, LOOP_SET_FD, 6 [ 172.360950][ T5924] loop4: detected capacity change from 0 to 2048 [pid 5925] <... mmap resumed>) = 0x7f3634699000 [pid 5922] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5922] ioctl(7, LOOP_CLR_FD [pid 5921] <... write resumed>) = 2097152 [pid 5922] <... ioctl resumed>) = 0 [pid 5922] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5922] close(7) = 0 [pid 5922] close(6) = 0 [pid 5921] munmap(0x7f362c399000, 2097152 [ 172.435071][ T5924] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5923] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5921] <... munmap resumed>) = 0 [pid 5925] <... write resumed>) = 1048576 [pid 5922] exit_group(0 [pid 5921] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5925] munmap(0x7f3634699000, 1048576 [pid 5922] <... exit_group resumed>) = ? [pid 5921] <... openat resumed>) = 7 [pid 5925] <... munmap resumed>) = 0 [pid 5922] +++ exited with 0 +++ [pid 5921] ioctl(7, LOOP_SET_FD, 6 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5925] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5921] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5920] <... write resumed>) = 2097152 [pid 5925] <... openat resumed>) = 4 [pid 5921] ioctl(7, LOOP_CLR_FD [pid 5920] munmap(0x7f362c399000, 2097152 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [pid 5921] <... ioctl resumed>) = 0 [pid 5017] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./146/binderfs" [pid 5921] ioctl(7, LOOP_SET_FD, 6 [pid 5920] <... munmap resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5925] <... ioctl resumed>) = 0 [pid 5921] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 172.475513][ T5924] UDF-fs: Scanning with blocksize 512 failed [ 172.513394][ T5925] loop1: detected capacity change from 0 to 2048 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5925] close(3 [pid 5923] <... write resumed>) = 2097152 [pid 5921] close(7 [pid 5920] <... openat resumed>) = 6 [pid 5925] <... close resumed>) = 0 [pid 5923] munmap(0x7f362c399000, 2097152 [pid 5921] <... close resumed>) = 0 [pid 5920] ioctl(6, LOOP_SET_FD, 5 [pid 5925] mkdir("\x2e\x02", 0777 [pid 5923] <... munmap resumed>) = 0 [pid 5921] close(6 [pid 5920] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5925] <... mkdir resumed>) = 0 [pid 5924] <... mount resumed>) = 0 [pid 5921] <... close resumed>) = 0 [pid 5920] ioctl(6, LOOP_CLR_FD [pid 5017] <... umount2 resumed>) = 0 [pid 5925] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5920] <... ioctl resumed>) = 0 [pid 5924] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5923] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5923] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5923] ioctl(7, LOOP_CLR_FD [pid 5920] ioctl(6, LOOP_SET_FD, 5 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5923] <... ioctl resumed>) = 0 [pid 5920] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5921] exit_group(0 [pid 5920] close(6 [pid 5924] <... openat resumed>) = 3 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", [pid 5924] chdir("\x2e\x02" [pid 5921] <... exit_group resumed>) = ? [pid 5920] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5924] <... chdir resumed>) = 0 [pid 5921] +++ exited with 0 +++ [pid 5920] close(5 [pid 5924] ioctl(4, LOOP_CLR_FD [pid 5923] ioctl(7, LOOP_SET_FD, 6 [pid 5017] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5923] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] close(7) = 0 [pid 5923] close(6 [pid 5924] <... ioctl resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5924] close(4 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5924] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5920] <... close resumed>) = 0 [pid 5017] newfstatat(4, "", [pid 5016] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5924] <... open resumed>) = 4 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 172.526624][ T5924] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 172.552038][ T5925] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5924] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5920] exit_group(0 [pid 5017] getdents64(4, [pid 5016] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... mount resumed>) = 0 [pid 5920] <... exit_group resumed>) = ? [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... openat resumed>) = 3 [pid 5924] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5920] +++ exited with 0 +++ [pid 5017] getdents64(4, [pid 5016] newfstatat(3, "", [pid 5924] <... open resumed>) = 5 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5924] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] close(4 [pid 5016] getdents64(3, [pid 5924] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5924] ftruncate(-1, 2 [pid 5017] rmdir("\x2e\x2f\x31\x34\x36\x2f\x2e\x02" [pid 5016] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5924] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5924] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./146/binderfs", [pid 5924] <... mmap resumed>) = 0x20000000 [pid 5923] <... close resumed>) = 0 [pid 5017] getdents64(3, [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5924] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5923] exit_group(0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] unlink("./146/binderfs" [pid 5014] umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5924] <... open resumed>) = -1 EFAULT (Bad address) [pid 5923] <... exit_group resumed>) = ? [pid 5017] close(3 [pid 5016] <... unlink resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5924] memfd_create("syzkaller", 0 [pid 5923] +++ exited with 0 +++ [pid 5017] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5924] <... memfd_create resumed>) = 6 [pid 5017] rmdir("./146" [pid 5016] <... umount2 resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5017] <... rmdir resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(3, "", [pid 5924] <... mmap resumed>) = 0x7f362c399000 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] mkdir("./147", 0777 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", [pid 5014] getdents64(3, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5016] umount2("\x2e\x2f\x31\x34\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... openat resumed>) = 4 [pid 5019] <... openat resumed>) = 3 [pid 5016] newfstatat(4, "", [pid 5019] newfstatat(3, "", [pid 5017] <... mkdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5019] getdents64(3, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] getdents64(4, [pid 5019] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] close(4 [pid 5019] newfstatat(AT_FDCWD, "./151/binderfs", [pid 5016] <... close resumed>) = 0 [ 172.594319][ T5925] UDF-fs: Scanning with blocksize 512 failed [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] rmdir("\x2e\x2f\x31\x34\x36\x2f\x2e\x02" [pid 5014] <... umount2 resumed>) = 0 [pid 5019] unlink("./151/binderfs" [pid 5016] <... rmdir resumed>) = 0 [pid 5014] umount2("./145/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... unlink resumed>) = 0 [pid 5016] getdents64(3, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] newfstatat(AT_FDCWD, "./145/bus", [pid 5016] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... close resumed>) = 0 [pid 5014] unlink("./145/bus" [pid 5016] rmdir("./146" [pid 5014] <... unlink resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] mkdir("./147", 0777 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... openat resumed>) = 3 [pid 5016] <... mkdir resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./145/binderfs", [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... openat resumed>) = 3 [pid 5014] unlink("./145/binderfs" [pid 5017] close(3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5014] <... unlink resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] close(3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", [pid 5014] umount2("\x2e\x2f\x31\x34\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5926 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5927 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... openat resumed>) = 4 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] newfstatat(4, "", ./strace-static-x86_64: Process 5926 attached [pid 5019] <... openat resumed>) = 4 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5926] set_robust_list(0x555557506760, 24 [pid 5019] newfstatat(4, "", [pid 5014] getdents64(4, [pid 5926] <... set_robust_list resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5926] chdir("./147" [pid 5925] <... mount resumed>) = 0 [pid 5019] getdents64(4, [pid 5014] getdents64(4, [pid 5926] <... chdir resumed>) = 0 [pid 5925] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] <... openat resumed>) = 3 [pid 5019] getdents64(4, [pid 5014] close(4 [pid 5926] <... prctl resumed>) = 0 [pid 5925] chdir("\x2e\x02" [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 [pid 5926] setpgid(0, 0 [pid 5925] <... chdir resumed>) = 0 [pid 5019] close(4 [pid 5014] rmdir("\x2e\x2f\x31\x34\x35\x2f\x2e\x02" [pid 5926] <... setpgid resumed>) = 0 [pid 5925] ioctl(4, LOOP_CLR_FD [pid 5019] <... close resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5925] <... ioctl resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02" [pid 5014] getdents64(3, [pid 5926] <... openat resumed>) = 3 [pid 5925] close(4 [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5926] write(3, "1000", 4 [pid 5925] <... close resumed>) = 0 [pid 5019] getdents64(3, [pid 5014] close(3 [pid 5926] <... write resumed>) = 4 [pid 5925] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 ./strace-static-x86_64: Process 5927 attached [pid 5926] close(3 [pid 5925] <... open resumed>) = 4 [pid 5019] close(3 [pid 5014] rmdir("./145" [pid 5927] set_robust_list(0x555557506760, 24 [pid 5926] <... close resumed>) = 0 [pid 5925] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... close resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs" [pid 5925] <... mount resumed>) = 0 [pid 5019] rmdir("./151" [pid 5014] mkdir("./146", 0777 [pid 5927] chdir("./147" [pid 5926] <... symlink resumed>) = 0 [ 172.647023][ T5925] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5925] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... rmdir resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5927] <... chdir resumed>) = 0 [pid 5926] memfd_create("syzkaller", 0 [pid 5925] <... open resumed>) = 5 [pid 5019] mkdir("./152", 0777 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5926] <... memfd_create resumed>) = 3 [pid 5925] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... mkdir resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5927] <... prctl resumed>) = 0 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5925] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5927] setpgid(0, 0 [pid 5926] <... mmap resumed>) = 0x7f3634699000 [pid 5925] ftruncate(-1, 2 [pid 5019] <... openat resumed>) = 3 [pid 5014] <... ioctl resumed>) = 0 [pid 5927] <... setpgid resumed>) = 0 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5924] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5014] close(3 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5926] <... write resumed>) = 1048576 [pid 5925] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... close resumed>) = 0 [pid 5927] <... openat resumed>) = 3 [pid 5925] <... mmap resumed>) = 0x20000000 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5927] write(3, "1000", 4 [pid 5925] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5927] <... write resumed>) = 4 [pid 5925] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5928 [pid 5927] close(3 [pid 5925] memfd_create("syzkaller", 0 [pid 5927] <... close resumed>) = 0 [pid 5925] <... memfd_create resumed>) = 6 [pid 5927] symlink("/dev/binderfs", "./binderfs" [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5927] <... symlink resumed>) = 0 [pid 5925] <... mmap resumed>) = 0x7f362c399000 ./strace-static-x86_64: Process 5928 attached [pid 5927] memfd_create("syzkaller", 0 [pid 5928] set_robust_list(0x555557506760, 24 [pid 5927] <... memfd_create resumed>) = 3 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] chdir("./146" [pid 5927] <... mmap resumed>) = 0x7f3634699000 [pid 5928] <... chdir resumed>) = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs" [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5928] <... symlink resumed>) = 0 [pid 5928] memfd_create("syzkaller", 0 [pid 5926] munmap(0x7f3634699000, 1048576 [pid 5928] <... memfd_create resumed>) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... munmap resumed>) = 0 [pid 5928] <... mmap resumed>) = 0x7f3634699000 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5927] <... write resumed>) = 1048576 [pid 5927] munmap(0x7f3634699000, 1048576 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... ioctl resumed>) = 0 [pid 5019] close(3 [pid 5927] <... munmap resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5926] <... ioctl resumed>) = 0 [pid 5925] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5924] <... write resumed>) = 2097152 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5928] <... write resumed>) = 1048576 [pid 5927] <... openat resumed>) = 4 [pid 5926] close(3./strace-static-x86_64: Process 5929 attached [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5926] <... close resumed>) = 0 [ 172.777139][ T5926] loop3: detected capacity change from 0 to 2048 [pid 5924] munmap(0x7f362c399000, 2097152 [pid 5929] set_robust_list(0x555557506760, 24 [pid 5926] mkdir("\x2e\x02", 0777) = 0 [pid 5926] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5928] munmap(0x7f3634699000, 1048576) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5929] <... set_robust_list resumed>) = 0 [pid 5927] <... ioctl resumed>) = 0 [pid 5925] <... write resumed>) = 2097152 [pid 5924] <... munmap resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5929 [pid 5929] chdir("./152" [pid 5927] close(3 [pid 5924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5929] <... chdir resumed>) = 0 [pid 5927] <... close resumed>) = 0 [pid 5924] <... openat resumed>) = 7 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5927] mkdir("\x2e\x02", 0777 [pid 5925] munmap(0x7f362c399000, 2097152 [pid 5924] ioctl(7, LOOP_SET_FD, 6 [pid 5929] <... prctl resumed>) = 0 [pid 5928] <... openat resumed>) = 4 [pid 5927] <... mkdir resumed>) = 0 [pid 5925] <... munmap resumed>) = 0 [pid 5924] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] setpgid(0, 0 [pid 5927] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5924] ioctl(7, LOOP_CLR_FD [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5929] <... setpgid resumed>) = 0 [pid 5924] <... ioctl resumed>) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5928] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] <... openat resumed>) = 3 [pid 5928] ioctl(4, LOOP_CLR_FD [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3 [pid 5928] <... ioctl resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5929] memfd_create("syzkaller", 0 [pid 5925] <... openat resumed>) = 7 [pid 5924] ioctl(7, LOOP_SET_FD, 6 [pid 5929] <... memfd_create resumed>) = 3 [pid 5925] ioctl(7, LOOP_SET_FD, 6 [pid 5924] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5925] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] close(7 [pid 5929] <... mmap resumed>) = 0x7f3634699000 [pid 5925] ioctl(7, LOOP_CLR_FD [pid 5924] <... close resumed>) = 0 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] <... ioctl resumed>) = 0 [ 172.834016][ T5927] loop2: detected capacity change from 0 to 2048 [ 172.846007][ T5926] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 172.853698][ T5926] UDF-fs: Scanning with blocksize 512 failed [ 172.872733][ T5927] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5924] close(6 [pid 5928] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5924] <... close resumed>) = 0 [pid 5928] close(4) = 0 [pid 5928] close(3 [pid 5925] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5925] close(7) = 0 [pid 5925] close(6 [pid 5928] <... close resumed>) = 0 [pid 5925] <... close resumed>) = 0 [pid 5928] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5924] exit_group(0 [pid 5928] <... open resumed>) = 3 [pid 5924] <... exit_group resumed>) = ? [pid 5928] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5924] +++ exited with 0 +++ [pid 5928] <... mount resumed>) = 0 [pid 5928] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5929] <... write resumed>) = 1048576 [pid 5928] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5926] <... mount resumed>) = 0 [pid 5929] munmap(0x7f3634699000, 1048576 [pid 5928] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5926] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... restart_syscall resumed>) = 0 [pid 5929] <... munmap resumed>) = 0 [pid 5925] exit_group(0 [pid 5929] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5925] <... exit_group resumed>) = ? [pid 5929] <... openat resumed>) = 4 [pid 5925] +++ exited with 0 +++ [pid 5929] ioctl(4, LOOP_SET_FD, 3 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 172.900094][ T5927] UDF-fs: Scanning with blocksize 512 failed [ 172.924984][ T5926] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 172.939732][ T5927] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5928] ftruncate(-1, 2 [pid 5926] <... openat resumed>) = 3 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5928] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5926] chdir("\x2e\x02" [pid 5015] <... restart_syscall resumed>) = 0 [pid 5928] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5926] <... chdir resumed>) = 0 [pid 5018] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5928] <... mmap resumed>) = 0x20000000 [pid 5926] ioctl(4, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5928] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5926] <... ioctl resumed>) = 0 [pid 5018] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5928] <... open resumed>) = -1 EFAULT (Bad address) [pid 5926] close(4 [pid 5018] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5928] memfd_create("syzkaller", 0 [pid 5926] <... close resumed>) = 0 [pid 5018] newfstatat(3, "", [pid 5015] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5928] <... memfd_create resumed>) = 5 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5926] <... open resumed>) = 4 [pid 5018] getdents64(3, [pid 5015] newfstatat(3, "", [pid 5928] <... mmap resumed>) = 0x7f362c399000 [pid 5926] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./148/binderfs") = 0 [pid 5929] <... ioctl resumed>) = 0 [pid 5926] <... mount resumed>) = 0 [pid 5018] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5929] close(3 [pid 5926] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5926] <... open resumed>) = 5 [pid 5018] newfstatat(AT_FDCWD, "./150/binderfs", [pid 5015] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5929] mkdir("\x2e\x02", 0777 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] <... mkdir resumed>) = 0 [ 172.949021][ T5929] loop5: detected capacity change from 0 to 2048 [pid 5929] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5927] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5926] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5928] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] <... openat resumed>) = 3 [pid 5926] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] unlink("./150/binderfs" [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5927] chdir("\x2e\x02" [pid 5926] ftruncate(-1, 2 [pid 5018] <... unlink resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5927] <... chdir resumed>) = 0 [pid 5926] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(4, "", [pid 5927] ioctl(4, LOOP_CLR_FD [pid 5926] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, [pid 5927] <... ioctl resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5927] close(4 [pid 5926] <... mmap resumed>) = 0x20000000 [pid 5015] close(4 [pid 5927] <... close resumed>) = 0 [pid 5926] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... umount2 resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5927] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5926] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5926] memfd_create("syzkaller", 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5927] <... open resumed>) = 4 [pid 5926] <... memfd_create resumed>) = 6 [pid 5018] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5927] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5927] <... mount resumed>) = 0 [pid 5926] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] close(3 [pid 5927] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] <... close resumed>) = 0 [pid 5015] rmdir("./148") = 0 [ 172.995968][ T5929] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5015] mkdir("./149", 0777) = 0 [pid 5927] <... open resumed>) = 5 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5927] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5927] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5927] ftruncate(-1, 2 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5927] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] close(3 [pid 5927] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... openat resumed>) = 4 [pid 5015] <... close resumed>) = 0 [pid 5927] <... mmap resumed>) = 0x20000000 [pid 5018] newfstatat(4, "", [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5927] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5927] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(4, [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5930 [pid 5927] memfd_create("syzkaller", 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5927] <... memfd_create resumed>) = 6 [pid 5018] getdents64(4, ./strace-static-x86_64: Process 5930 attached [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5930] set_robust_list(0x555557506760, 24 [pid 5927] <... mmap resumed>) = 0x7f362c399000 [pid 5018] close(4 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5930] chdir("./149") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] <... close resumed>) = 0 [pid 5930] write(3, "1000", 4 [pid 5018] rmdir("\x2e\x2f\x31\x35\x30\x2f\x2e\x02" [pid 5930] <... write resumed>) = 4 [pid 5018] <... rmdir resumed>) = 0 [pid 5930] close(3 [pid 5018] getdents64(3, [pid 5930] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs" [pid 5018] close(3 [pid 5930] <... symlink resumed>) = 0 [pid 5928] <... write resumed>) = 2097152 [pid 5018] <... close resumed>) = 0 [pid 5930] memfd_create("syzkaller", 0 [pid 5018] rmdir("./150" [pid 5930] <... memfd_create resumed>) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5930] <... mmap resumed>) = 0x7f3634699000 [pid 5018] mkdir("./151", 0777) = 0 [pid 5928] munmap(0x7f362c399000, 2097152 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5931 [ 173.053395][ T5929] UDF-fs: Scanning with blocksize 512 failed [ 173.093296][ T5929] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 5931 attached [pid 5928] <... munmap resumed>) = 0 [pid 5931] set_robust_list(0x555557506760, 24 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5926] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5931] <... set_robust_list resumed>) = 0 [pid 5928] <... openat resumed>) = 6 [pid 5931] chdir("./151" [pid 5928] ioctl(6, LOOP_SET_FD, 5 [pid 5931] <... chdir resumed>) = 0 [pid 5928] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5928] ioctl(6, LOOP_CLR_FD [pid 5931] <... prctl resumed>) = 0 [pid 5929] <... mount resumed>) = 0 [pid 5928] <... ioctl resumed>) = 0 [pid 5931] setpgid(0, 0 [pid 5929] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5931] <... setpgid resumed>) = 0 [pid 5929] <... openat resumed>) = 3 [pid 5927] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5929] chdir("\x2e\x02" [pid 5931] <... openat resumed>) = 3 [pid 5930] <... write resumed>) = 1048576 [pid 5929] <... chdir resumed>) = 0 [pid 5928] ioctl(6, LOOP_SET_FD, 5 [pid 5931] write(3, "1000", 4 [pid 5929] ioctl(4, LOOP_CLR_FD [pid 5928] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] <... write resumed>) = 4 [pid 5930] munmap(0x7f3634699000, 1048576 [pid 5929] <... ioctl resumed>) = 0 [pid 5928] close(6 [pid 5931] close(3 [pid 5930] <... munmap resumed>) = 0 [pid 5929] close(4 [pid 5928] <... close resumed>) = 0 [pid 5931] <... close resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5928] close(5 [pid 5931] symlink("/dev/binderfs", "./binderfs" [pid 5930] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5929] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5930] <... openat resumed>) = 4 [pid 5929] <... open resumed>) = 4 [pid 5931] <... symlink resumed>) = 0 [pid 5930] ioctl(4, LOOP_SET_FD, 3 [pid 5929] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5931] memfd_create("syzkaller", 0 [pid 5930] <... ioctl resumed>) = 0 [pid 5929] <... mount resumed>) = 0 [pid 5928] <... close resumed>) = 0 [pid 5931] <... memfd_create resumed>) = 3 [pid 5929] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] <... open resumed>) = 5 [pid 5931] <... mmap resumed>) = 0x7f3634699000 [pid 5929] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5929] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5929] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5929] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5929] memfd_create("syzkaller", 0) = 6 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5931] <... write resumed>) = 1048576 [pid 5928] exit_group(0) = ? [pid 5928] +++ exited with 0 +++ [pid 5930] close(3 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5930] <... close resumed>) = 0 [pid 5926] <... write resumed>) = 2097152 [pid 5931] munmap(0x7f3634699000, 1048576 [pid 5930] mkdir("\x2e\x02", 0777 [pid 5926] munmap(0x7f362c399000, 2097152 [pid 5931] <... munmap resumed>) = 0 [pid 5930] <... mkdir resumed>) = 0 [pid 5927] <... write resumed>) = 2097152 [pid 5930] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5014] umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5931] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5931] <... openat resumed>) = 4 [ 173.167734][ T5930] loop1: detected capacity change from 0 to 2048 [pid 5014] <... openat resumed>) = 3 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5929] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5927] munmap(0x7f362c399000, 2097152 [pid 5926] <... munmap resumed>) = 0 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5927] <... munmap resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5927] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5926] <... openat resumed>) = 7 [pid 5014] <... umount2 resumed>) = 0 [pid 5014] umount2("./146/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5927] <... openat resumed>) = 7 [pid 5926] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] ioctl(7, LOOP_CLR_FD) = 0 [pid 5014] newfstatat(AT_FDCWD, "./146/bus", [pid 5927] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./146/bus" [pid 5927] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... unlink resumed>) = 0 [pid 5927] ioctl(7, LOOP_CLR_FD [pid 5926] ioctl(7, LOOP_SET_FD, 6 [pid 5014] umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5927] <... ioctl resumed>) = 0 [pid 5926] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] close(7 [pid 5014] newfstatat(AT_FDCWD, "./146/binderfs", [pid 5926] <... close resumed>) = 0 [pid 5926] close(6 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./146/binderfs") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./146") = 0 [pid 5014] mkdir("./147", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5927] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5927] close(7 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5932 [pid 5927] <... close resumed>) = 0 [pid 5927] close(6 [pid 5931] <... ioctl resumed>) = 0 [pid 5931] close(3) = 0 [pid 5931] mkdir("\x2e\x02", 0777) = 0 [ 173.227253][ T5930] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 173.236627][ T5931] loop4: detected capacity change from 0 to 2048 [ 173.238958][ T5930] UDF-fs: Scanning with blocksize 512 failed [pid 5931] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5927] <... close resumed>) = 0 [pid 5926] <... close resumed>) = 0 ./strace-static-x86_64: Process 5932 attached [pid 5926] exit_group(0 [pid 5932] set_robust_list(0x555557506760, 24) = 0 [pid 5932] chdir("./147") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5926] <... exit_group resumed>) = ? [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5926] +++ exited with 0 +++ [pid 5932] close(3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5932] <... close resumed>) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5932] <... mmap resumed>) = 0x7f3634699000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5927] exit_group(0 [pid 5017] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5927] <... exit_group resumed>) = ? [pid 5017] <... openat resumed>) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5927] +++ exited with 0 +++ [pid 5017] getdents64(3, [pid 5929] <... write resumed>) = 2097152 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "./147/binderfs", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] <... mount resumed>) = 0 [pid 5929] munmap(0x7f362c399000, 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5930] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5929] <... munmap resumed>) = 0 [pid 5017] unlink("./147/binderfs" [pid 5016] <... openat resumed>) = 3 [pid 5930] <... openat resumed>) = 3 [pid 5929] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] <... unlink resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5930] chdir("\x2e\x02" [pid 5929] <... openat resumed>) = 7 [pid 5017] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] <... chdir resumed>) = 0 [pid 5929] ioctl(7, LOOP_SET_FD, 6 [pid 5016] getdents64(3, [pid 5930] ioctl(4, LOOP_CLR_FD [pid 5929] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [ 173.280615][ T5930] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.303604][ T5931] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 173.323437][ T5931] UDF-fs: Scanning with blocksize 512 failed [pid 5930] <... ioctl resumed>) = 0 [pid 5016] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5930] close(4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] <... close resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./147/binderfs", [pid 5930] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./147/binderfs" [pid 5932] <... write resumed>) = 1048576 [pid 5929] ioctl(7, LOOP_CLR_FD [pid 5016] <... unlink resumed>) = 0 [pid 5930] <... open resumed>) = 4 [pid 5017] <... umount2 resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5930] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5930] <... mount resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", [pid 5929] <... ioctl resumed>) = 0 [pid 5930] <... open resumed>) = 5 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5930] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5930] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] ftruncate(-1, 2 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5930] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... openat resumed>) = 4 [pid 5930] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] newfstatat(4, "", [pid 5932] munmap(0x7f3634699000, 1048576 [pid 5930] <... mmap resumed>) = 0x20000000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5932] <... munmap resumed>) = 0 [pid 5930] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] getdents64(4, [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5930] <... open resumed>) = -1 EFAULT (Bad address) [pid 5929] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5932] <... openat resumed>) = 4 [pid 5931] <... mount resumed>) = 0 [pid 5930] memfd_create("syzkaller", 0 [pid 5929] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] getdents64(4, [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5931] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5930] <... memfd_create resumed>) = 6 [pid 5929] close(7 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5932] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5931] <... openat resumed>) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] <... close resumed>) = 0 [pid 5017] close(4 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", [pid 5932] ioctl(4, LOOP_CLR_FD [pid 5931] chdir("\x2e\x02" [pid 5930] <... mmap resumed>) = 0x7f362c399000 [pid 5929] close(6 [pid 5017] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5932] <... ioctl resumed>) = 0 [pid 5931] <... chdir resumed>) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x34\x37\x2f\x2e\x02" [pid 5016] umount2("\x2e\x2f\x31\x34\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3 [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5017] <... close resumed>) = 0 [pid 5932] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] rmdir("./147" [pid 5932] close(4 [pid 5017] <... rmdir resumed>) = 0 [pid 5932] <... close resumed>) = 0 [ 173.345379][ T5931] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5931] ioctl(4, LOOP_CLR_FD [pid 5929] <... close resumed>) = 0 [pid 5017] mkdir("./148", 0777 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5932] close(3 [pid 5931] <... ioctl resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5932] <... close resumed>) = 0 [pid 5931] close(4 [pid 5929] exit_group(0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... openat resumed>) = 4 [pid 5932] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5931] <... close resumed>) = 0 [pid 5929] <... exit_group resumed>) = ? [pid 5017] <... openat resumed>) = 3 [pid 5016] newfstatat(4, "", [pid 5932] <... open resumed>) = 3 [pid 5931] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5929] +++ exited with 0 +++ [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5932] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5931] <... open resumed>) = 4 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] getdents64(4, [pid 5932] <... mount resumed>) = 0 [pid 5931] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5017] close(3 [pid 5932] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5931] <... mount resumed>) = 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5932] <... open resumed>) = 4 [pid 5931] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] getdents64(4, [pid 5932] openat(AT_FDCWD, NULL, O_RDWR [pid 5931] <... open resumed>) = 5 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5932] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5931] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5933 [pid 5016] close(4 [pid 5932] ftruncate(-1, 2 [pid 5931] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 ./strace-static-x86_64: Process 5933 attached [pid 5932] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5931] ftruncate(-1, 2 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] rmdir("\x2e\x2f\x31\x34\x37\x2f\x2e\x02" [pid 5933] set_robust_list(0x555557506760, 24 [pid 5932] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5931] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] <... mmap resumed>) = 0x20000000 [pid 5931] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... rmdir resumed>) = 0 [pid 5933] chdir("./148" [pid 5932] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5931] <... mmap resumed>) = 0x20000000 [pid 5019] newfstatat(3, "", [pid 5016] getdents64(3, [pid 5933] <... chdir resumed>) = 0 [pid 5932] <... open resumed>) = -1 EFAULT (Bad address) [pid 5931] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5930] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5932] memfd_create("syzkaller", 0 [pid 5931] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] getdents64(3, [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5933] <... prctl resumed>) = 0 [pid 5932] <... memfd_create resumed>) = 5 [pid 5931] memfd_create("syzkaller", 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] close(3 [pid 5933] setpgid(0, 0 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5931] <... memfd_create resumed>) = 6 [pid 5019] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5933] <... setpgid resumed>) = 0 [pid 5932] <... mmap resumed>) = 0x7f362c399000 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5931] <... mmap resumed>) = 0x7f362c399000 [pid 5019] newfstatat(AT_FDCWD, "./152/binderfs", [pid 5016] rmdir("./147" [pid 5933] <... openat resumed>) = 3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./152/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... rmdir resumed>) = 0 [pid 5933] write(3, "1000", 4 [pid 5016] mkdir("./148", 0777 [pid 5933] <... write resumed>) = 4 [pid 5933] close(3 [pid 5016] <... mkdir resumed>) = 0 [pid 5933] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5933] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... openat resumed>) = 3 [pid 5933] <... symlink resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5933] memfd_create("syzkaller", 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5933] <... memfd_create resumed>) = 3 [pid 5016] close(3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... close resumed>) = 0 [pid 5933] <... mmap resumed>) = 0x7f3634699000 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 5934 attached [pid 5019] <... umount2 resumed>) = 0 [pid 5934] set_robust_list(0x555557506760, 24 [pid 5933] <... write resumed>) = 1048576 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5934 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5933] munmap(0x7f3634699000, 1048576 [pid 5934] chdir("./148" [pid 5933] <... munmap resumed>) = 0 [pid 5931] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5930] <... write resumed>) = 2097152 [pid 5019] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... chdir resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5933] <... openat resumed>) = 4 [pid 5934] <... prctl resumed>) = 0 [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5934] setpgid(0, 0 [pid 5932] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5934] <... setpgid resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] <... openat resumed>) = 3 [pid 5934] write(3, "1000", 4 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5934] <... write resumed>) = 4 [pid 5934] close(3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5934] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] symlink("/dev/binderfs", "./binderfs" [pid 5930] munmap(0x7f362c399000, 2097152 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] <... symlink resumed>) = 0 [pid 5933] <... ioctl resumed>) = 0 [pid 5930] <... munmap resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5934] memfd_create("syzkaller", 0 [pid 5933] close(3 [pid 5934] <... memfd_create resumed>) = 3 [pid 5933] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5933] mkdir("\x2e\x02", 0777 [pid 5019] newfstatat(4, "", [pid 5934] <... mmap resumed>) = 0x7f3634699000 [pid 5933] <... mkdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5933] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5930] ioctl(7, LOOP_SET_FD, 6 [pid 5019] getdents64(4, [pid 5931] <... write resumed>) = 2097152 [pid 5930] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] ioctl(7, LOOP_CLR_FD) = 0 [pid 5930] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5930] close(7 [pid 5934] <... write resumed>) = 1048576 [pid 5930] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5930] close(6 [pid 5931] munmap(0x7f362c399000, 2097152 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [ 173.556907][ T5933] loop3: detected capacity change from 0 to 2048 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5931] <... munmap resumed>) = 0 [pid 5019] close(3 [pid 5932] <... write resumed>) = 2097152 [pid 5932] munmap(0x7f362c399000, 2097152) = 0 [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./152") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] mkdir("./153", 0777 [pid 5931] <... openat resumed>) = 7 [pid 5019] <... mkdir resumed>) = 0 [pid 5931] ioctl(7, LOOP_SET_FD, 6 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5931] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5931] ioctl(7, LOOP_CLR_FD [pid 5930] exit_group(0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5932] <... openat resumed>) = 6 [pid 5931] <... ioctl resumed>) = 0 [pid 5930] <... exit_group resumed>) = ? [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5932] ioctl(6, LOOP_SET_FD, 5 [pid 5930] +++ exited with 0 +++ [pid 5932] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5934] munmap(0x7f3634699000, 1048576 [pid 5932] ioctl(6, LOOP_CLR_FD) = 0 [pid 5019] close(3 [pid 5934] <... munmap resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5934] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5932] ioctl(6, LOOP_SET_FD, 5 [pid 5015] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... openat resumed>) = 4 [pid 5932] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5932] close(6 [pid 5015] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5935 attached [pid 5933] <... mount resumed>) = 0 [pid 5932] <... close resumed>) = 0 [pid 5931] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... openat resumed>) = 3 [pid 5935] set_robust_list(0x555557506760, 24 [pid 5933] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5932] close(5 [pid 5931] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5935 [pid 5015] newfstatat(3, "", [pid 5935] <... set_robust_list resumed>) = 0 [pid 5933] <... openat resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] chdir("./153" [pid 5933] chdir("\x2e\x02" [pid 5931] close(7 [pid 5015] getdents64(3, [pid 5935] <... chdir resumed>) = 0 [pid 5933] <... chdir resumed>) = 0 [pid 5931] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5933] ioctl(4, LOOP_CLR_FD [pid 5932] <... close resumed>) = 0 [pid 5931] close(6 [pid 5015] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] <... prctl resumed>) = 0 [pid 5933] <... ioctl resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./149/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5932] exit_group(0) = ? [pid 5931] <... close resumed>) = 0 [pid 5935] setpgid(0, 0 [pid 5933] close(4 [pid 5931] exit_group(0 [pid 5015] <... umount2 resumed>) = 0 [pid 5935] <... setpgid resumed>) = 0 [pid 5933] <... close resumed>) = 0 [pid 5931] <... exit_group resumed>) = ? [pid 5934] <... ioctl resumed>) = 0 [pid 5934] close(3) = 0 [ 173.622864][ T5933] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 173.640289][ T5933] UDF-fs: Scanning with blocksize 512 failed [ 173.650617][ T5933] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.658037][ T5934] loop2: detected capacity change from 0 to 2048 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5933] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5934] mkdir("\x2e\x02", 0777 [pid 5935] <... openat resumed>) = 3 [pid 5934] <... mkdir resumed>) = 0 [pid 5933] <... open resumed>) = 4 [pid 5932] +++ exited with 0 +++ [pid 5015] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] write(3, "1000", 4 [pid 5934] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5933] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] <... write resumed>) = 4 [pid 5933] <... mount resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5935] close(3 [pid 5933] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5931] +++ exited with 0 +++ [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] <... close resumed>) = 0 [pid 5933] <... open resumed>) = 5 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5015] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] symlink("/dev/binderfs", "./binderfs" [pid 5933] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5935] <... symlink resumed>) = 0 [pid 5933] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... openat resumed>) = 3 [pid 5935] memfd_create("syzkaller", 0 [pid 5933] ftruncate(-1, 2 [pid 5018] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 4 [pid 5014] newfstatat(3, "", [pid 5935] <... memfd_create resumed>) = 3 [pid 5933] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(4, "", [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5933] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, [pid 5935] <... mmap resumed>) = 0x7f3634699000 [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5018] <... openat resumed>) = 3 [pid 5015] getdents64(4, [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(4, [pid 5014] <... umount2 resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] umount2("./147/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(4 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./147/bus", [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5933] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] newfstatat(3, "", [pid 5015] rmdir("\x2e\x2f\x31\x34\x39\x2f\x2e\x02" [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] unlink("./147/bus" [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5018] getdents64(3, [pid 5015] getdents64(3, [pid 5014] <... unlink resumed>) = 0 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./147/binderfs", [pid 5015] rmdir("./149" [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] unlink("./147/binderfs" [pid 5015] mkdir("./150", 0777 [pid 5014] <... unlink resumed>) = 0 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [ 173.726790][ T5934] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5018] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... mkdir resumed>) = 0 [pid 5014] getdents64(3, [pid 5935] <... write resumed>) = 1048576 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5935] munmap(0x7f3634699000, 1048576 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5014] close(3 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5018] newfstatat(AT_FDCWD, "./151/binderfs", [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] <... close resumed>) = 0 [pid 5935] <... munmap resumed>) = 0 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] rmdir("./147" [pid 5935] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5018] unlink("./151/binderfs" [pid 5015] close(3 [pid 5014] <... rmdir resumed>) = 0 [pid 5935] <... openat resumed>) = 4 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] <... unlink resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] mkdir("./148", 0777 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... mkdir resumed>) = 0 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5933] memfd_create("syzkaller", 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5935] <... ioctl resumed>) = 0 [pid 5933] <... memfd_create resumed>) = 6 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5936 [pid 5014] <... openat resumed>) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5937 [pid 5018] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5936 attached [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5936] set_robust_list(0x555557506760, 24 [pid 5933] <... mmap resumed>) = 0x7f362c399000 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5936] chdir("./150" [pid 5933] exit_group(0 [pid 5936] <... chdir resumed>) = 0 [pid 5935] close(3 [pid 5933] <... exit_group resumed>) = ? [pid 5018] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5935] <... close resumed>) = 0 ./strace-static-x86_64: Process 5937 attached [pid 5936] <... prctl resumed>) = 0 [pid 5935] mkdir("\x2e\x02", 0777 [pid 5934] <... mount resumed>) = 0 [pid 5933] +++ exited with 0 +++ [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", [pid 5936] setpgid(0, 0 [pid 5934] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5937] set_robust_list(0x555557506760, 24 [pid 5935] <... mkdir resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5937] <... set_robust_list resumed>) = 0 [pid 5936] <... setpgid resumed>) = 0 [pid 5935] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5934] <... openat resumed>) = 3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] chdir("./148" [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5934] chdir("\x2e\x02" [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5937] <... chdir resumed>) = 0 [pid 5936] <... openat resumed>) = 3 [pid 5934] <... chdir resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [ 173.767904][ T5934] UDF-fs: Scanning with blocksize 512 failed [ 173.796772][ T5935] loop5: detected capacity change from 0 to 2048 [ 173.798358][ T5934] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5936] write(3, "1000", 4 [pid 5934] ioctl(4, LOOP_CLR_FD [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5936] <... write resumed>) = 4 [pid 5934] <... ioctl resumed>) = 0 [pid 5017] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5936] close(3 [pid 5934] close(4 [pid 5017] <... openat resumed>) = 3 [pid 5936] <... close resumed>) = 0 [pid 5934] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5936] symlink("/dev/binderfs", "./binderfs" [pid 5934] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5936] <... symlink resumed>) = 0 [pid 5934] <... open resumed>) = 4 [pid 5018] newfstatat(4, "", [pid 5017] getdents64(3, [pid 5937] <... prctl resumed>) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5934] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5937] setpgid(0, 0 [pid 5936] <... memfd_create resumed>) = 3 [pid 5934] <... mount resumed>) = 0 [pid 5018] getdents64(4, [pid 5017] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5937] <... setpgid resumed>) = 0 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5934] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5936] <... mmap resumed>) = 0x7f3634699000 [pid 5934] <... open resumed>) = 5 [pid 5018] getdents64(4, [pid 5017] newfstatat(AT_FDCWD, "./148/binderfs", [pid 5937] <... openat resumed>) = 3 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5934] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5937] write(3, "1000", 4 [pid 5934] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] close(4 [pid 5017] unlink("./148/binderfs" [pid 5937] <... write resumed>) = 4 [pid 5934] ftruncate(-1, 2 [pid 5018] <... close resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5937] close(3 [pid 5934] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02" [pid 5017] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5937] <... close resumed>) = 0 [pid 5934] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs" [pid 5934] <... mmap resumed>) = 0x20000000 [pid 5934] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5937] <... symlink resumed>) = 0 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5018] getdents64(3, [pid 5937] memfd_create("syzkaller", 0 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5937] <... memfd_create resumed>) = 3 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] close(3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5018] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5937] <... mmap resumed>) = 0x7f3634699000 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] rmdir("./151" [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5934] memfd_create("syzkaller", 0) = 6 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5934] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5934] exit_group(0) = ? [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5934] +++ exited with 0 +++ [pid 5018] <... rmdir resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] mkdir("./152", 0777 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5936] <... write resumed>) = 1048576 [pid 5018] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5936] munmap(0x7f3634699000, 1048576 [pid 5018] <... openat resumed>) = 3 [pid 5016] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5936] <... munmap resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5936] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5018] close(3 [pid 5017] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 3 [pid 5936] <... openat resumed>) = 4 [pid 5018] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 173.842032][ T5935] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 173.862457][ T5935] UDF-fs: Scanning with blocksize 512 failed [pid 5016] newfstatat(3, "", [pid 5936] ioctl(4, LOOP_SET_FD, 3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5938 [pid 5017] <... openat resumed>) = 4 [pid 5016] getdents64(3, [pid 5017] newfstatat(4, "", [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] newfstatat(AT_FDCWD, "./148/binderfs", ./strace-static-x86_64: Process 5938 attached [pid 5017] getdents64(4, [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5938] set_robust_list(0x555557506760, 24 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] unlink("./148/binderfs" [pid 5938] <... set_robust_list resumed>) = 0 [pid 5017] close(4 [pid 5016] <... unlink resumed>) = 0 [pid 5938] chdir("./152" [pid 5017] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5938] <... chdir resumed>) = 0 [pid 5937] <... write resumed>) = 1048576 [pid 5017] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] <... rmdir resumed>) = 0 [pid 5938] <... prctl resumed>) = 0 [pid 5017] getdents64(3, [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs" [pid 5017] close(3) = 0 [pid 5938] <... symlink resumed>) = 0 [pid 5937] munmap(0x7f3634699000, 1048576 [pid 5017] rmdir("./148" [pid 5938] memfd_create("syzkaller", 0) = 3 [pid 5017] <... rmdir resumed>) = 0 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] mkdir("./149", 0777 [pid 5938] <... mmap resumed>) = 0x7f3634699000 [pid 5937] <... munmap resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5936] <... ioctl resumed>) = 0 [pid 5935] <... mount resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5936] close(3 [pid 5935] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5937] <... openat resumed>) = 4 [pid 5936] <... close resumed>) = 0 [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5935] <... openat resumed>) = 3 [pid 5017] <... openat resumed>) = 3 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 173.918677][ T5935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.919630][ T5936] loop1: detected capacity change from 0 to 2048 [pid 5936] mkdir("\x2e\x02", 0777 [pid 5937] <... ioctl resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", [pid 5936] <... mkdir resumed>) = 0 [pid 5936] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5935] chdir("\x2e\x02" [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5935] <... chdir resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5937] close(3 [pid 5935] ioctl(4, LOOP_CLR_FD [pid 5017] close(3 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5937] <... close resumed>) = 0 [pid 5935] <... ioctl resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5937] mkdir("\x2e\x02", 0777 [pid 5935] close(4 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... openat resumed>) = 4 [pid 5935] <... close resumed>) = 0 [pid 5935] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] newfstatat(4, "", [pid 5937] <... mkdir resumed>) = 0 [pid 5935] <... open resumed>) = 4 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5939 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5935] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] getdents64(4, [pid 5935] <... mount resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5935] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] getdents64(4, [pid 5935] <... open resumed>) = 5 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5938] <... write resumed>) = 1048576 [pid 5935] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] close(4./strace-static-x86_64: Process 5939 attached [pid 5935] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... close resumed>) = 0 [pid 5939] set_robust_list(0x555557506760, 24 [pid 5935] ftruncate(-1, 2 [pid 5016] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5939] <... set_robust_list resumed>) = 0 [pid 5935] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5939] chdir("./149" [pid 5935] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5939] <... chdir resumed>) = 0 [ 173.976258][ T5937] loop0: detected capacity change from 0 to 2048 [ 173.988074][ T5936] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5938] munmap(0x7f3634699000, 1048576 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5938] <... munmap resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x20000000 [pid 5016] getdents64(3, [pid 5939] <... prctl resumed>) = 0 [pid 5939] setpgid(0, 0 [pid 5938] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5939] <... setpgid resumed>) = 0 [pid 5938] <... openat resumed>) = 4 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5939] <... openat resumed>) = 3 [pid 5935] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] <... open resumed>) = -1 EFAULT (Bad address) [pid 5939] memfd_create("syzkaller", 0 [pid 5016] close(3 [pid 5939] <... memfd_create resumed>) = 3 [pid 5016] <... close resumed>) = 0 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] rmdir("./148" [pid 5939] <... mmap resumed>) = 0x7f3634699000 [pid 5935] memfd_create("syzkaller", 0) = 6 [pid 5016] <... rmdir resumed>) = 0 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] mkdir("./149", 0777 [pid 5935] <... mmap resumed>) = 0x7f362c399000 [pid 5016] <... mkdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5940 ./strace-static-x86_64: Process 5940 attached [pid 5940] set_robust_list(0x555557506760, 24 [pid 5938] <... ioctl resumed>) = 0 [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] close(3 [ 174.017567][ T5937] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 174.022856][ T5938] loop4: detected capacity change from 0 to 2048 [ 174.031842][ T5936] UDF-fs: Scanning with blocksize 512 failed [ 174.055156][ T5937] UDF-fs: Scanning with blocksize 512 failed [pid 5940] chdir("./149" [pid 5938] <... close resumed>) = 0 [pid 5940] <... chdir resumed>) = 0 [pid 5939] <... write resumed>) = 1048576 [pid 5938] mkdir("\x2e\x02", 0777 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5938] <... mkdir resumed>) = 0 [pid 5940] <... prctl resumed>) = 0 [pid 5938] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 174.088214][ T5936] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.115270][ T5938] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 174.125287][ T5937] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 174.127506][ T5938] UDF-fs: Scanning with blocksize 512 failed [pid 5939] munmap(0x7f3634699000, 1048576 [pid 5935] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5940] write(3, "1000", 4 [pid 5939] <... munmap resumed>) = 0 [pid 5940] <... write resumed>) = 4 [pid 5939] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5940] close(3 [pid 5939] <... openat resumed>) = 4 [pid 5940] <... close resumed>) = 0 [pid 5939] ioctl(4, LOOP_SET_FD, 3 [pid 5940] symlink("/dev/binderfs", "./binderfs" [pid 5936] <... mount resumed>) = 0 [pid 5940] <... symlink resumed>) = 0 [pid 5939] <... ioctl resumed>) = 0 [pid 5940] memfd_create("syzkaller", 0 [pid 5939] close(3 [pid 5940] <... memfd_create resumed>) = 3 [pid 5936] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("\x2e\x02") = 0 [pid 5936] ioctl(4, LOOP_CLR_FD) = 0 [pid 5936] close(4) = 0 [pid 5936] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5936] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5936] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5936] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5936] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5936] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5936] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5939] <... close resumed>) = 0 [pid 5940] <... mmap resumed>) = 0x7f3634699000 [ 174.134320][ T5937] UDF-fs: Scanning with blocksize 1024 failed [ 174.149841][ T5939] loop3: detected capacity change from 0 to 2048 [ 174.153292][ T5937] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 174.167592][ T5938] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5939] mkdir("\x2e\x02", 0777 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5939] <... mkdir resumed>) = 0 [pid 5939] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5936] memfd_create("syzkaller", 0) = 6 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] <... mount resumed>) = 0 [pid 5936] <... mmap resumed>) = 0x7f362c399000 [pid 5938] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5938] chdir("\x2e\x02") = 0 [pid 5938] ioctl(4, LOOP_CLR_FD) = 0 [pid 5938] close(4) = 0 [pid 5938] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5938] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5938] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5935] <... write resumed>) = 2097152 [pid 5938] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5938] ftruncate(-1, 2 [pid 5935] munmap(0x7f362c399000, 2097152 [pid 5940] <... write resumed>) = 1048576 [pid 5938] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [ 174.189683][ T5937] UDF-fs: Scanning with blocksize 2048 failed [ 174.205015][ T5939] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 174.212843][ T5939] UDF-fs: Scanning with blocksize 512 failed [pid 5940] munmap(0x7f3634699000, 1048576 [pid 5938] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5935] <... munmap resumed>) = 0 [pid 5938] <... mmap resumed>) = 0x20000000 [pid 5938] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5940] <... munmap resumed>) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5935] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5940] <... openat resumed>) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3 [pid 5935] <... openat resumed>) = 7 [pid 5940] <... ioctl resumed>) = 0 [pid 5935] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5940] close(3 [pid 5935] ioctl(7, LOOP_CLR_FD [pid 5940] <... close resumed>) = 0 [pid 5935] <... ioctl resumed>) = 0 [pid 5940] mkdir("\x2e\x02", 0777) = 0 [pid 5939] <... mount resumed>) = 0 [pid 5940] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5939] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5938] memfd_create("syzkaller", 0 [pid 5935] ioctl(7, LOOP_SET_FD, 6 [pid 5939] <... openat resumed>) = 3 [pid 5938] <... memfd_create resumed>) = 6 [pid 5935] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5939] chdir("\x2e\x02" [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 174.247517][ T5939] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.266570][ T5940] loop2: detected capacity change from 0 to 2048 [pid 5935] close(7 [pid 5939] <... chdir resumed>) = 0 [pid 5938] <... mmap resumed>) = 0x7f362c399000 [pid 5935] <... close resumed>) = 0 [pid 5935] close(6 [pid 5939] ioctl(4, LOOP_CLR_FD [pid 5935] <... close resumed>) = 0 [pid 5939] <... ioctl resumed>) = 0 [pid 5939] close(4) = 0 [pid 5939] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5936] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5935] exit_group(0 [pid 5939] <... open resumed>) = 4 [pid 5939] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5935] <... exit_group resumed>) = ? [pid 5939] <... mount resumed>) = 0 [pid 5935] +++ exited with 0 +++ [pid 5939] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5939] <... open resumed>) = 5 [pid 5019] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5939] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... openat resumed>) = 3 [pid 5939] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] ftruncate(-1, 2 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5939] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./153/binderfs") = 0 [pid 5939] <... mmap resumed>) = 0x20000000 [pid 5019] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... umount2 resumed>) = 0 [ 174.293794][ T5937] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 174.305870][ T5940] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 174.329077][ T5937] UDF-fs: Scanning with blocksize 4096 failed [pid 5019] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5939] memfd_create("syzkaller", 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5939] <... memfd_create resumed>) = 6 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5938] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", [pid 5939] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3) = 0 [pid 5019] rmdir("./153") = 0 [pid 5019] mkdir("./154", 0777) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5941 [pid 5937] <... mount resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x555557506760, 24) = 0 [pid 5937] ioctl(4, LOOP_CLR_FD) = 0 [pid 5941] chdir("./154" [pid 5937] close(4 [pid 5941] <... chdir resumed>) = 0 [pid 5937] <... close resumed>) = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0 [pid 5937] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5941] <... setpgid resumed>) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5937] <... open resumed>) = 3 [ 174.350699][ T5940] UDF-fs: Scanning with blocksize 512 failed [pid 5941] <... openat resumed>) = 3 [pid 5937] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5941] write(3, "1000", 4 [pid 5937] <... mount resumed>) = 0 [pid 5941] <... write resumed>) = 4 [pid 5941] close(3 [pid 5937] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5941] <... close resumed>) = 0 [pid 5937] <... open resumed>) = 4 [pid 5936] <... write resumed>) = 2097152 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5937] openat(AT_FDCWD, NULL, O_RDWR [pid 5941] memfd_create("syzkaller", 0 [pid 5936] munmap(0x7f362c399000, 2097152 [pid 5941] <... memfd_create resumed>) = 3 [pid 5937] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5937] ftruncate(-1, 2 [pid 5941] <... mmap resumed>) = 0x7f3634699000 [pid 5937] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5936] <... munmap resumed>) = 0 [pid 5937] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5936] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5937] <... mmap resumed>) = 0x20000000 [pid 5937] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5936] <... openat resumed>) = 7 [pid 5941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5940] <... mount resumed>) = 0 [pid 5939] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5938] <... write resumed>) = 2097152 [pid 5937] <... open resumed>) = -1 EFAULT (Bad address) [pid 5940] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5938] munmap(0x7f362c399000, 2097152 [pid 5937] memfd_create("syzkaller", 0 [pid 5936] ioctl(7, LOOP_SET_FD, 6 [pid 5940] <... openat resumed>) = 3 [pid 5937] <... memfd_create resumed>) = 5 [pid 5940] chdir("\x2e\x02" [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5936] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5940] <... chdir resumed>) = 0 [pid 5940] ioctl(4, LOOP_CLR_FD) = 0 [ 174.404046][ T5940] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5940] close(4) = 0 [pid 5938] <... munmap resumed>) = 0 [pid 5937] <... mmap resumed>) = 0x7f362c399000 [pid 5936] ioctl(7, LOOP_CLR_FD [pid 5940] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5938] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5936] <... ioctl resumed>) = 0 [pid 5940] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5940] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5938] <... openat resumed>) = 7 [pid 5940] <... open resumed>) = 5 [pid 5941] <... write resumed>) = 1048576 [pid 5940] openat(AT_FDCWD, NULL, O_RDWR [pid 5938] ioctl(7, LOOP_SET_FD, 6 [pid 5940] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5941] munmap(0x7f3634699000, 1048576 [pid 5940] ftruncate(-1, 2 [pid 5938] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] ioctl(7, LOOP_SET_FD, 6 [pid 5941] <... munmap resumed>) = 0 [pid 5940] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5938] ioctl(7, LOOP_CLR_FD [pid 5936] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5940] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5941] <... openat resumed>) = 4 [pid 5940] <... mmap resumed>) = 0x20000000 [pid 5938] <... ioctl resumed>) = 0 [pid 5936] close(7 [pid 5941] ioctl(4, LOOP_SET_FD, 3 [pid 5940] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5939] <... write resumed>) = 2097152 [pid 5937] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5936] <... close resumed>) = 0 [pid 5941] <... ioctl resumed>) = 0 [pid 5940] memfd_create("syzkaller", 0 [pid 5939] munmap(0x7f362c399000, 2097152 [pid 5936] close(6 [pid 5941] close(3 [pid 5940] <... memfd_create resumed>) = 6 [pid 5939] <... munmap resumed>) = 0 [pid 5938] ioctl(7, LOOP_SET_FD, 6 [pid 5937] <... write resumed>) = 2097152 [pid 5941] <... close resumed>) = 0 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5937] munmap(0x7f362c399000, 2097152 [pid 5941] mkdir("\x2e\x02", 0777 [pid 5940] <... mmap resumed>) = 0x7f362c399000 [pid 5939] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5938] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] <... close resumed>) = 0 [pid 5941] <... mkdir resumed>) = 0 [pid 5939] <... openat resumed>) = 7 [pid 5938] close(7 [pid 5937] <... munmap resumed>) = 0 [pid 5936] exit_group(0 [pid 5939] ioctl(7, LOOP_SET_FD, 6 [pid 5938] <... close resumed>) = 0 [pid 5936] <... exit_group resumed>) = ? [pid 5939] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 174.489311][ T5941] loop5: detected capacity change from 0 to 2048 [pid 5938] close(6 [pid 5936] +++ exited with 0 +++ [pid 5941] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5939] ioctl(7, LOOP_CLR_FD [pid 5938] <... close resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5939] <... ioctl resumed>) = 0 [pid 5937] <... openat resumed>) = 6 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5937] ioctl(6, LOOP_SET_FD, 5 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5937] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... restart_syscall resumed>) = 0 [pid 5937] ioctl(6, LOOP_CLR_FD [pid 5939] ioctl(7, LOOP_SET_FD, 6 [pid 5937] <... ioctl resumed>) = 0 [pid 5939] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] close(7 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5939] <... close resumed>) = 0 [pid 5938] exit_group(0 [pid 5015] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5939] close(6 [pid 5938] <... exit_group resumed>) = ? [pid 5937] ioctl(6, LOOP_SET_FD, 5 [pid 5015] <... openat resumed>) = 3 [pid 5939] <... close resumed>) = 0 [pid 5938] +++ exited with 0 +++ [pid 5015] newfstatat(3, "", [pid 5937] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5937] close(6 [pid 5015] getdents64(3, [pid 5937] <... close resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5937] close(5 [pid 5018] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./150/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5939] exit_group(0) = ? [pid 5939] +++ exited with 0 +++ [pid 5937] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5018] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5018] <... openat resumed>) = 3 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5018] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./152/binderfs", [pid 5017] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./152/binderfs" [pid 5017] <... openat resumed>) = 3 [pid 5018] <... unlink resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5018] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 [pid 5937] exit_group(0 [pid 5017] newfstatat(AT_FDCWD, "./149/binderfs", [pid 5015] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5940] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5937] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] unlink("./149/binderfs" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 174.574132][ T5941] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 174.605249][ T5941] UDF-fs: Scanning with blocksize 512 failed [pid 5937] +++ exited with 0 +++ [pid 5018] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... umount2 resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 4 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5015] newfstatat(4, "", [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] getdents64(4, [pid 5018] <... openat resumed>) = 4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] newfstatat(4, "", [pid 5015] close(4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5015] rmdir("\x2e\x2f\x31\x35\x30\x2f\x2e\x02" [pid 5014] umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] getdents64(4, [pid 5015] getdents64(3, [pid 5014] openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5018] close(4 [pid 5015] close(3 [pid 5014] newfstatat(3, "", [pid 5018] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02" [pid 5015] rmdir("./150" [pid 5014] getdents64(3, [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5018] getdents64(3, [pid 5015] mkdir("./151", 0777 [pid 5014] umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... mkdir resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5018] close(3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] umount2("./148/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] rmdir("./152" [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] newfstatat(AT_FDCWD, "./148/bus", [pid 5018] <... rmdir resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] mkdir("./153", 0777 [pid 5015] close(3 [pid 5014] unlink("./148/bus" [pid 5018] <... mkdir resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5942 [pid 5014] newfstatat(AT_FDCWD, "./148/binderfs", [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] close(3 [pid 5017] <... openat resumed>) = 4 [pid 5014] unlink("./148/binderfs" [pid 5018] <... close resumed>) = 0 [pid 5017] newfstatat(4, "", [pid 5014] <... unlink resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5942 attached [pid 5941] <... mount resumed>) = 0 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5943 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", [pid 5942] set_robust_list(0x555557506760, 24 [pid 5941] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] getdents64(4, [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] umount2("\x2e\x2f\x31\x34\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5943 attached [pid 5942] chdir("./151" [pid 5941] chdir("\x2e\x02" [pid 5017] close(4 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5943] set_robust_list(0x555557506760, 24 [pid 5942] <... chdir resumed>) = 0 [pid 5941] <... chdir resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5941] ioctl(4, LOOP_CLR_FD [pid 5017] rmdir("\x2e\x2f\x31\x34\x39\x2f\x2e\x02" [pid 5014] <... openat resumed>) = 4 [pid 5943] chdir("./153" [pid 5942] <... prctl resumed>) = 0 [pid 5941] <... ioctl resumed>) = 0 [pid 5014] newfstatat(4, "", [pid 5943] <... chdir resumed>) = 0 [pid 5942] setpgid(0, 0 [pid 5941] close(4 [pid 5017] <... rmdir resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] <... setpgid resumed>) = 0 [pid 5941] <... close resumed>) = 0 [pid 5017] getdents64(3, [pid 5014] getdents64(4, [pid 5943] <... prctl resumed>) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5941] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5943] setpgid(0, 0 [pid 5942] <... openat resumed>) = 3 [pid 5941] <... open resumed>) = 4 [pid 5017] close(3 [pid 5014] getdents64(4, [pid 5943] <... setpgid resumed>) = 0 [pid 5942] write(3, "1000", 4 [pid 5941] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5940] <... write resumed>) = 2097152 [pid 5017] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5942] <... write resumed>) = 4 [pid 5941] <... mount resumed>) = 0 [pid 5940] munmap(0x7f362c399000, 2097152 [pid 5017] rmdir("./149" [pid 5014] close(4 [pid 5943] <... openat resumed>) = 3 [pid 5942] close(3 [pid 5941] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5940] <... munmap resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5943] write(3, "1000", 4 [pid 5942] <... close resumed>) = 0 [pid 5941] <... open resumed>) = 5 [pid 5017] <... rmdir resumed>) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x34\x38\x2f\x2e\x02" [pid 5943] <... write resumed>) = 4 [pid 5942] symlink("/dev/binderfs", "./binderfs" [pid 5941] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] mkdir("./150", 0777 [pid 5014] <... rmdir resumed>) = 0 [pid 5943] close(3 [pid 5942] <... symlink resumed>) = 0 [pid 5941] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5014] getdents64(3, [pid 5943] <... close resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] ftruncate(-1, 2 [pid 5017] <... mkdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... memfd_create resumed>) = 3 [pid 5941] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5940] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] close(3 [pid 5943] <... symlink resumed>) = 0 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5941] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5940] <... openat resumed>) = 7 [pid 5014] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5943] memfd_create("syzkaller", 0 [pid 5942] <... mmap resumed>) = 0x7f3634699000 [ 174.675673][ T5941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5941] <... mmap resumed>) = 0x20000000 [pid 5940] ioctl(7, LOOP_SET_FD, 6 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5014] rmdir("./148" [pid 5943] <... memfd_create resumed>) = 3 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5941] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5940] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... rmdir resumed>) = 0 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5942] <... write resumed>) = 1048576 [pid 5941] <... open resumed>) = -1 EFAULT (Bad address) [pid 5940] ioctl(7, LOOP_CLR_FD [pid 5014] mkdir("./149", 0777 [pid 5017] close(3 [pid 5943] <... mmap resumed>) = 0x7f3634699000 [pid 5941] memfd_create("syzkaller", 0 [pid 5940] <... ioctl resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5941] <... memfd_create resumed>) = 6 [pid 5017] <... close resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] <... openat resumed>) = 3 [pid 5941] <... mmap resumed>) = 0x7f362c399000 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5940] ioctl(7, LOOP_SET_FD, 6 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] <... ioctl resumed>) = 0 [pid 5940] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] close(3 [pid 5943] <... write resumed>) = 1048576 [pid 5940] close(7 [pid 5014] <... close resumed>) = 0 [pid 5940] <... close resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5944 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached [pid 5940] close(6./strace-static-x86_64: Process 5945 attached [pid 5944] set_robust_list(0x555557506760, 24 [pid 5940] <... close resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5945 [pid 5945] set_robust_list(0x555557506760, 24 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5944] chdir("./150" [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] chdir("./149" [pid 5944] <... chdir resumed>) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5945] <... chdir resumed>) = 0 [pid 5944] <... prctl resumed>) = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5944] setpgid(0, 0 [pid 5945] <... prctl resumed>) = 0 [pid 5944] <... setpgid resumed>) = 0 [pid 5942] munmap(0x7f3634699000, 1048576 [pid 5945] setpgid(0, 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5945] <... setpgid resumed>) = 0 [pid 5944] <... openat resumed>) = 3 [pid 5942] <... munmap resumed>) = 0 [pid 5940] exit_group(0 [pid 5942] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5940] <... exit_group resumed>) = ? [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5944] write(3, "1000", 4 [pid 5942] <... openat resumed>) = 4 [pid 5940] +++ exited with 0 +++ [pid 5945] <... openat resumed>) = 3 [pid 5944] <... write resumed>) = 4 [pid 5943] munmap(0x7f3634699000, 1048576 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5945] write(3, "1000", 4 [pid 5944] close(3 [pid 5943] <... munmap resumed>) = 0 [pid 5945] <... write resumed>) = 4 [pid 5944] <... close resumed>) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5945] close(3 [pid 5944] symlink("/dev/binderfs", "./binderfs" [pid 5943] <... openat resumed>) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3 [pid 5016] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5945] <... close resumed>) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs" [pid 5944] <... symlink resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] <... symlink resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] memfd_create("syzkaller", 0 [pid 5016] <... openat resumed>) = 3 [pid 5944] <... memfd_create resumed>) = 3 [pid 5016] newfstatat(3, "", [pid 5945] memfd_create("syzkaller", 0 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5944] <... mmap resumed>) = 0x7f3634699000 [pid 5016] getdents64(3, [pid 5945] <... memfd_create resumed>) = 3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5942] <... ioctl resumed>) = 0 [pid 5941] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5942] close(3) = 0 [pid 5942] mkdir("\x2e\x02", 0777) = 0 [pid 5942] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5945] <... mmap resumed>) = 0x7f3634699000 [pid 5943] <... ioctl resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5943] close(3) = 0 [pid 5943] mkdir("\x2e\x02", 0777) = 0 [pid 5943] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [ 174.812422][ T5942] loop1: detected capacity change from 0 to 2048 [ 174.823671][ T5943] loop4: detected capacity change from 0 to 2048 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] newfstatat(AT_FDCWD, "./149/binderfs", [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./149/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 174.860180][ T5942] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 174.880244][ T5943] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5016] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5945] <... write resumed>) = 1048576 [pid 5944] <... write resumed>) = 1048576 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", [pid 5945] munmap(0x7f3634699000, 1048576 [pid 5944] munmap(0x7f3634699000, 1048576 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5945] <... munmap resumed>) = 0 [pid 5944] <... munmap resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x34\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5944] <... openat resumed>) = 4 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5945] <... openat resumed>) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5016] <... openat resumed>) = 4 [pid 5941] <... write resumed>) = 2097152 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... ioctl resumed>) = 0 [pid 5016] newfstatat(4, "", [pid 5945] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5941] munmap(0x7f362c399000, 2097152 [pid 5945] ioctl(4, LOOP_CLR_FD [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5944] close(3 [pid 5941] <... munmap resumed>) = 0 [pid 5016] getdents64(4, [pid 5944] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5944] mkdir("\x2e\x02", 0777 [pid 5016] getdents64(4, [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5945] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] <... mkdir resumed>) = 0 [pid 5945] close(4 [pid 5944] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5941] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5016] close(4 [pid 5945] <... close resumed>) = 0 [pid 5941] <... openat resumed>) = 7 [pid 5941] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5941] ioctl(7, LOOP_CLR_FD) = 0 [pid 5941] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5941] close(7 [pid 5945] close(3 [pid 5941] <... close resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5941] close(6 [ 174.921409][ T5942] UDF-fs: Scanning with blocksize 512 failed [ 174.936457][ T5943] UDF-fs: Scanning with blocksize 512 failed [ 174.945858][ T5944] loop3: detected capacity change from 0 to 2048 [pid 5945] <... close resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x34\x39\x2f\x2e\x02") = 0 [pid 5945] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] getdents64(3, [pid 5945] <... open resumed>) = 3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5945] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] close(3 [pid 5945] <... mount resumed>) = 0 [pid 5941] <... close resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5945] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5941] exit_group(0 [pid 5016] rmdir("./149" [pid 5945] <... open resumed>) = 4 [pid 5945] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... rmdir resumed>) = 0 [pid 5941] <... exit_group resumed>) = ? [pid 5945] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] mkdir("./150", 0777 [pid 5945] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5941] +++ exited with 0 +++ [pid 5016] <... mkdir resumed>) = 0 [pid 5945] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5019] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5945] <... mmap resumed>) = 0x20000000 [pid 5019] <... openat resumed>) = 3 [pid 5945] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] newfstatat(3, "", [pid 5016] <... openat resumed>) = 3 [pid 5945] <... open resumed>) = -1 EFAULT (Bad address) [pid 5943] <... mount resumed>) = 0 [pid 5942] <... mount resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5943] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] getdents64(3, [pid 5943] <... openat resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5945] memfd_create("syzkaller", 0 [pid 5943] chdir("\x2e\x02" [pid 5019] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] <... chdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5943] ioctl(4, LOOP_CLR_FD [pid 5945] <... memfd_create resumed>) = 5 [pid 5942] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] newfstatat(AT_FDCWD, "./154/binderfs", [pid 5016] close(3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5943] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... close resumed>) = 0 [pid 5945] <... mmap resumed>) = 0x7f362c399000 [pid 5943] close(4 [pid 5019] unlink("./154/binderfs" [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5943] <... close resumed>) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5943] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] <... open resumed>) = 4 [pid 5019] <... umount2 resumed>) = 0 [pid 5943] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5946 [pid 5943] <... mount resumed>) = 0 [pid 5942] <... openat resumed>) = 3 [pid 5943] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5942] chdir("\x2e\x02" [pid 5019] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5946 attached [pid 5943] <... open resumed>) = 5 [pid 5942] <... chdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] set_robust_list(0x555557506760, 24 [pid 5943] openat(AT_FDCWD, NULL, O_RDWR [pid 5942] ioctl(4, LOOP_CLR_FD [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5946] <... set_robust_list resumed>) = 0 [pid 5943] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5942] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5946] chdir("./150" [pid 5943] ftruncate(-1, 2 [ 174.982276][ T5942] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.993679][ T5943] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 174.994641][ T5944] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 5942] close(4 [pid 5019] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5946] <... chdir resumed>) = 0 [pid 5943] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5942] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5943] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5946] <... prctl resumed>) = 0 [pid 5943] <... mmap resumed>) = 0x20000000 [pid 5942] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... openat resumed>) = 4 [pid 5946] setpgid(0, 0 [pid 5943] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] newfstatat(4, "", [pid 5946] <... setpgid resumed>) = 0 [pid 5943] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] memfd_create("syzkaller", 0 [pid 5942] <... open resumed>) = 4 [pid 5019] getdents64(4, [pid 5946] <... openat resumed>) = 3 [pid 5943] <... memfd_create resumed>) = 6 [pid 5942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5946] write(3, "1000", 4 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5942] <... mount resumed>) = 0 [pid 5019] getdents64(4, [pid 5946] <... write resumed>) = 4 [pid 5943] <... mmap resumed>) = 0x7f362c399000 [pid 5942] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5946] close(3 [pid 5945] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] close(4 [pid 5946] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... open resumed>) = 5 [pid 5019] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02" [pid 5946] <... symlink resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5946] memfd_create("syzkaller", 0 [pid 5019] getdents64(3, [pid 5946] <... memfd_create resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] close(3 [pid 5946] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... close resumed>) = 0 [pid 5942] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] rmdir("./154" [pid 5942] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./155", 0777 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5942] ftruncate(-1, 2 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5942] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... openat resumed>) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5942] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5942] <... mmap resumed>) = 0x20000000 [pid 5019] close(3 [pid 5942] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5942] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5947 [ 175.059684][ T5944] UDF-fs: Scanning with blocksize 512 failed [pid 5942] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5947 attached [pid 5945] <... write resumed>) = 2097152 [pid 5942] <... memfd_create resumed>) = 6 [pid 5947] set_robust_list(0x555557506760, 24 [pid 5945] munmap(0x7f362c399000, 2097152 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5947] chdir("./155") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5945] <... munmap resumed>) = 0 [pid 5947] <... openat resumed>) = 3 [pid 5947] write(3, "1000", 4 [pid 5946] <... write resumed>) = 1048576 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5947] <... write resumed>) = 4 [pid 5947] close(3 [pid 5946] munmap(0x7f3634699000, 1048576 [pid 5947] <... close resumed>) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs" [pid 5945] <... openat resumed>) = 6 [pid 5947] <... symlink resumed>) = 0 [pid 5947] memfd_create("syzkaller", 0 [pid 5946] <... munmap resumed>) = 0 [pid 5945] ioctl(6, LOOP_SET_FD, 5 [pid 5947] <... memfd_create resumed>) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5945] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5946] <... openat resumed>) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5943] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5945] ioctl(6, LOOP_CLR_FD) = 0 [pid 5944] <... mount resumed>) = 0 [pid 5944] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("\x2e\x02") = 0 [pid 5944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5944] close(4 [pid 5945] ioctl(6, LOOP_SET_FD, 5 [pid 5944] <... close resumed>) = 0 [pid 5945] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5944] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5945] close(6 [pid 5944] <... open resumed>) = 4 [pid 5944] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5945] <... close resumed>) = 0 [pid 5945] close(5 [pid 5944] <... mount resumed>) = 0 [pid 5944] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5944] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5944] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5944] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5944] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [ 175.116767][ T5944] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.154219][ T5946] loop2: detected capacity change from 0 to 2048 [pid 5946] <... ioctl resumed>) = 0 [pid 5944] memfd_create("syzkaller", 0 [pid 5946] close(3 [pid 5944] <... memfd_create resumed>) = 6 [pid 5946] <... close resumed>) = 0 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5946] mkdir("\x2e\x02", 0777 [pid 5944] <... mmap resumed>) = 0x7f362c399000 [pid 5946] <... mkdir resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5947] <... write resumed>) = 1048576 [pid 5946] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5945] exit_group(0 [pid 5942] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5947] munmap(0x7f3634699000, 1048576 [pid 5945] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5947] <... munmap resumed>) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 5947] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5947] <... openat resumed>) = 4 [pid 5014] openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... openat resumed>) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5014] umount2("./149/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./149/bus", [pid 5943] <... write resumed>) = 2097152 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./149/bus" [pid 5947] <... ioctl resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5947] close(3 [pid 5014] umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5947] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] mkdir("\x2e\x02", 0777 [pid 5014] newfstatat(AT_FDCWD, "./149/binderfs", [pid 5947] <... mkdir resumed>) = 0 [pid 5942] <... write resumed>) = 2097152 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5947] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5014] unlink("./149/binderfs") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [ 175.231273][ T5946] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 175.243452][ T5947] loop5: detected capacity change from 0 to 2048 [pid 5014] close(3) = 0 [pid 5943] munmap(0x7f362c399000, 2097152 [pid 5014] rmdir("./149") = 0 [pid 5014] mkdir("./150", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5943] <... munmap resumed>) = 0 [pid 5942] munmap(0x7f362c399000, 2097152 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5948 [pid 5943] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 7 [pid 5943] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5943] ioctl(7, LOOP_CLR_FD) = 0 [pid 5942] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5948 attached [pid 5944] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5942] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5943] ioctl(7, LOOP_SET_FD, 6 [pid 5942] <... openat resumed>) = 7 [pid 5943] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5943] close(7) = 0 [pid 5943] close(6) = 0 [pid 5942] ioctl(7, LOOP_SET_FD, 6 [pid 5948] set_robust_list(0x555557506760, 24) = 0 [pid 5942] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5942] ioctl(7, LOOP_CLR_FD [pid 5948] chdir("./150" [pid 5942] <... ioctl resumed>) = 0 [pid 5948] <... chdir resumed>) = 0 [ 175.283307][ T5946] UDF-fs: Scanning with blocksize 512 failed [ 175.285395][ T5947] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 175.298667][ T5947] UDF-fs: Scanning with blocksize 512 failed [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] ioctl(7, LOOP_SET_FD, 6 [pid 5948] <... prctl resumed>) = 0 [pid 5942] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5948] setpgid(0, 0 [pid 5947] <... mount resumed>) = 0 [pid 5942] close(7 [pid 5948] <... setpgid resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5943] exit_group(0) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] close(6 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5018] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./153/binderfs") = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5948] <... openat resumed>) = 3 [pid 5942] <... close resumed>) = 0 [pid 5948] write(3, "1000", 4 [pid 5947] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5948] <... write resumed>) = 4 [pid 5947] <... openat resumed>) = 3 [pid 5948] close(3 [pid 5947] chdir("\x2e\x02" [pid 5948] <... close resumed>) = 0 [pid 5947] <... chdir resumed>) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs" [pid 5947] ioctl(4, LOOP_CLR_FD [pid 5948] <... symlink resumed>) = 0 [pid 5947] <... ioctl resumed>) = 0 [pid 5948] memfd_create("syzkaller", 0 [pid 5947] close(4 [pid 5946] <... mount resumed>) = 0 [pid 5948] <... memfd_create resumed>) = 3 [pid 5946] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5947] <... close resumed>) = 0 [pid 5946] chdir("\x2e\x02") = 0 [pid 5948] <... mmap resumed>) = 0x7f3634699000 [ 175.336041][ T5947] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.346349][ T5946] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5946] ioctl(4, LOOP_CLR_FD [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5947] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5946] <... ioctl resumed>) = 0 [pid 5942] exit_group(0 [pid 5018] <... umount2 resumed>) = 0 [pid 5946] close(4 [pid 5944] <... write resumed>) = 2097152 [pid 5018] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5946] <... close resumed>) = 0 [pid 5946] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5946] <... open resumed>) = 4 [pid 5946] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5942] <... exit_group resumed>) = ? [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5947] <... open resumed>) = 4 [pid 5946] <... mount resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5946] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5946] <... open resumed>) = 5 [pid 5944] munmap(0x7f362c399000, 2097152 [pid 5942] +++ exited with 0 +++ [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5946] openat(AT_FDCWD, NULL, O_RDWR [pid 5944] <... munmap resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5946] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... openat resumed>) = 4 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5947] <... mount resumed>) = 0 [pid 5946] ftruncate(-1, 2 [pid 5018] newfstatat(4, "", [pid 5015] <... restart_syscall resumed>) = 0 [pid 5947] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5946] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5947] <... open resumed>) = 5 [pid 5946] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] getdents64(4, [pid 5947] openat(AT_FDCWD, NULL, O_RDWR [pid 5946] <... mmap resumed>) = 0x20000000 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5947] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5946] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5947] ftruncate(-1, 2 [pid 5946] <... open resumed>) = -1 EFAULT (Bad address) [pid 5944] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5947] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5946] memfd_create("syzkaller", 0 [pid 5944] <... openat resumed>) = 7 [pid 5018] close(4 [pid 5015] <... openat resumed>) = 3 [pid 5947] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5946] <... memfd_create resumed>) = 6 [pid 5944] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... close resumed>) = 0 [pid 5015] newfstatat(3, "", [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02" [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5948] <... write resumed>) = 1048576 [pid 5947] <... mmap resumed>) = 0x20000000 [pid 5946] <... mmap resumed>) = 0x7f362c399000 [pid 5944] ioctl(7, LOOP_CLR_FD [pid 5018] <... rmdir resumed>) = 0 [pid 5015] getdents64(3, [pid 5948] munmap(0x7f3634699000, 1048576 [pid 5947] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5944] <... ioctl resumed>) = 0 [pid 5018] getdents64(3, [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... close resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./151/binderfs", [pid 5948] <... munmap resumed>) = 0 [pid 5018] rmdir("./153" [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5947] <... open resumed>) = -1 EFAULT (Bad address) [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5947] memfd_create("syzkaller", 0 [pid 5944] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] unlink("./151/binderfs" [pid 5948] <... openat resumed>) = 4 [pid 5947] <... memfd_create resumed>) = 6 [pid 5944] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] mkdir("./154", 0777 [pid 5015] <... unlink resumed>) = 0 [pid 5948] ioctl(4, LOOP_SET_FD, 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5944] close(7 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5948] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] <... mmap resumed>) = 0x7f362c399000 [pid 5944] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5948] ioctl(4, LOOP_CLR_FD [pid 5944] close(6 [pid 5018] <... openat resumed>) = 3 [pid 5948] <... ioctl resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5949 [pid 5948] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5944] exit_group(0 [pid 5015] getdents64(4, [pid 5944] <... exit_group resumed>) = ? [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02") = 0 [pid 5944] +++ exited with 0 +++ [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./151" [pid 5948] close(4 [pid 5015] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5949 attached [pid 5948] <... close resumed>) = 0 [pid 5947] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5015] mkdir("./152", 0777 [pid 5949] set_robust_list(0x555557506760, 24 [pid 5948] close(3 [pid 5017] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... mkdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5015] ioctl(3, LOOP_CLR_FD) = 0 [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5950 [pid 5948] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] <... set_robust_list resumed>) = 0 [pid 5949] chdir("./154" [pid 5948] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5950 attached [pid 5949] <... chdir resumed>) = 0 [pid 5948] <... open resumed>) = 3 [pid 5946] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5950] set_robust_list(0x555557506760, 24) = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] <... openat resumed>) = 3 [pid 5950] chdir("./152" [pid 5949] <... prctl resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5950] <... chdir resumed>) = 0 [pid 5949] setpgid(0, 0 [pid 5948] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5949] <... setpgid resumed>) = 0 [pid 5948] <... mount resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5950] <... prctl resumed>) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5948] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] getdents64(3, [pid 5950] setpgid(0, 0 [pid 5949] <... openat resumed>) = 3 [pid 5948] <... open resumed>) = 4 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5950] <... setpgid resumed>) = 0 [pid 5949] write(3, "1000", 4 [pid 5948] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] <... write resumed>) = 4 [pid 5948] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5950] <... openat resumed>) = 3 [pid 5950] write(3, "1000", 4 [pid 5949] close(3 [pid 5948] ftruncate(-1, 2 [pid 5017] newfstatat(AT_FDCWD, "./150/binderfs", [pid 5950] <... write resumed>) = 4 [pid 5949] <... close resumed>) = 0 [pid 5948] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5950] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs" [pid 5948] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5017] unlink("./150/binderfs" [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] <... mmap resumed>) = 0x20000000 [pid 5950] memfd_create("syzkaller", 0 [pid 5949] <... symlink resumed>) = 0 [pid 5948] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... unlink resumed>) = 0 [pid 5950] <... memfd_create resumed>) = 3 [pid 5017] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5950] <... mmap resumed>) = 0x7f3634699000 [pid 5948] <... open resumed>) = -1 EFAULT (Bad address) [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5949] <... memfd_create resumed>) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] memfd_create("syzkaller", 0 [pid 5949] <... mmap resumed>) = 0x7f3634699000 [pid 5948] <... memfd_create resumed>) = 5 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5017] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5946] <... write resumed>) = 2097152 [pid 5017] close(4 [pid 5950] <... write resumed>) = 1048576 [pid 5017] <... close resumed>) = 0 [pid 5950] munmap(0x7f3634699000, 1048576 [pid 5947] <... write resumed>) = 2097152 [pid 5946] munmap(0x7f362c399000, 2097152 [pid 5017] rmdir("\x2e\x2f\x31\x35\x30\x2f\x2e\x02") = 0 [pid 5950] <... munmap resumed>) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] getdents64(3, [pid 5950] <... openat resumed>) = 4 [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5949] <... write resumed>) = 1048576 [pid 5017] close(3 [pid 5948] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5949] munmap(0x7f3634699000, 1048576 [pid 5947] munmap(0x7f362c399000, 2097152 [pid 5946] <... munmap resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5949] <... munmap resumed>) = 0 [pid 5947] <... munmap resumed>) = 0 [pid 5017] rmdir("./150" [pid 5946] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 5946] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5946] ioctl(7, LOOP_CLR_FD) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5946] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5946] close(7) = 0 [pid 5946] close(6 [pid 5947] ioctl(7, LOOP_SET_FD, 6 [pid 5949] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5947] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5947] ioctl(7, LOOP_CLR_FD) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5949] <... openat resumed>) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5017] mkdir("./151", 0777 [pid 5947] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5947] close(7) = 0 [pid 5947] close(6 [pid 5017] <... mkdir resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5950] <... ioctl resumed>) = 0 [pid 5950] close(3) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5950] mkdir("\x2e\x02", 0777) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5950] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5017] close(3) = 0 [ 175.636964][ T5950] loop1: detected capacity change from 0 to 2048 [ 175.667071][ T5949] loop4: detected capacity change from 0 to 2048 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5951 [pid 5949] <... ioctl resumed>) = 0 [pid 5949] close(3) = 0 ./strace-static-x86_64: Process 5951 attached [pid 5949] mkdir("\x2e\x02", 0777 [pid 5951] set_robust_list(0x555557506760, 24 [pid 5949] <... mkdir resumed>) = 0 [pid 5946] <... close resumed>) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5949] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5946] exit_group(0 [pid 5951] chdir("./151" [pid 5946] <... exit_group resumed>) = ? [pid 5951] <... chdir resumed>) = 0 [pid 5947] <... close resumed>) = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5946] +++ exited with 0 +++ [pid 5951] <... prctl resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5951] setpgid(0, 0 [pid 5947] exit_group(0 [pid 5951] <... setpgid resumed>) = 0 [pid 5947] <... exit_group resumed>) = ? [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5947] +++ exited with 0 +++ [pid 5951] <... openat resumed>) = 3 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5016] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5951] write(3, "1000", 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] <... write resumed>) = 4 [pid 5016] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] close(3 [pid 5019] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 3 [pid 5951] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(3, "", [pid 5951] symlink("/dev/binderfs", "./binderfs" [pid 5019] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] <... symlink resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5019] newfstatat(3, "", [pid 5016] getdents64(3, [pid 5951] <... memfd_create resumed>) = 3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] getdents64(3, [pid 5016] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5951] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5948] <... write resumed>) = 2097152 [pid 5019] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./150/binderfs", [pid 5019] newfstatat(AT_FDCWD, "./155/binderfs", [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./150/binderfs" [pid 5019] unlink("./155/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5948] munmap(0x7f362c399000, 2097152 [pid 5019] <... umount2 resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5948] <... munmap resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02") = 0 [ 175.685306][ T5950] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 175.721120][ T5949] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 175.729473][ T5950] UDF-fs: Scanning with blocksize 512 failed [pid 5951] <... write resumed>) = 1048576 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] getdents64(3, [pid 5016] <... umount2 resumed>) = 0 [pid 5948] <... openat resumed>) = 6 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3 [pid 5948] ioctl(6, LOOP_SET_FD, 5 [pid 5016] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... close resumed>) = 0 [pid 5948] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] rmdir("./155" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5948] ioctl(6, LOOP_CLR_FD [pid 5019] <... rmdir resumed>) = 0 [pid 5948] <... ioctl resumed>) = 0 [pid 5019] mkdir("./156", 0777 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5952 [pid 5016] umount2("\x2e\x2f\x31\x35\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5948] ioctl(6, LOOP_SET_FD, 5 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5951] munmap(0x7f3634699000, 1048576 [pid 5948] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5951] <... munmap resumed>) = 0 [pid 5948] close(6 [pid 5016] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5952 attached [pid 5951] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5948] <... close resumed>) = 0 [pid 5952] set_robust_list(0x555557506760, 24 [pid 5951] <... openat resumed>) = 4 [pid 5948] close(5 [pid 5016] newfstatat(4, "", [pid 5952] <... set_robust_list resumed>) = 0 [pid 5951] ioctl(4, LOOP_SET_FD, 3 [pid 5952] chdir("./156" [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5952] <... chdir resumed>) = 0 [pid 5016] getdents64(4, [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5952] <... prctl resumed>) = 0 [pid 5016] getdents64(4, [pid 5952] setpgid(0, 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5952] <... setpgid resumed>) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] close(4 [pid 5952] <... openat resumed>) = 3 [pid 5016] <... close resumed>) = 0 [pid 5952] write(3, "1000", 4 [pid 5016] rmdir("\x2e\x2f\x31\x35\x30\x2f\x2e\x02" [pid 5952] <... write resumed>) = 4 [pid 5952] close(3 [pid 5016] <... rmdir resumed>) = 0 [pid 5952] <... close resumed>) = 0 [pid 5016] getdents64(3, [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [ 175.774215][ T5949] UDF-fs: Scanning with blocksize 512 failed [ 175.791602][ T5950] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 175.792740][ T5951] loop3: detected capacity change from 0 to 2048 [pid 5952] memfd_create("syzkaller", 0 [pid 5948] exit_group(0 [pid 5016] close(3 [pid 5952] <... memfd_create resumed>) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] <... exit_group resumed>) = ? [pid 5016] <... close resumed>) = 0 [pid 5952] <... mmap resumed>) = 0x7f3634699000 [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] rmdir("./150") = 0 [pid 5016] mkdir("./151", 0777) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5950] <... mount resumed>) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] close(3 [pid 5950] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... close resumed>) = 0 [pid 5950] <... openat resumed>) = 3 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5950] chdir("\x2e\x02") = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5953 [pid 5950] ioctl(4, LOOP_CLR_FD [pid 5952] <... write resumed>) = 1048576 [pid 5950] <... ioctl resumed>) = 0 [pid 5950] close(4) = 0 [ 175.826917][ T5949] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5950] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5949] <... mount resumed>) = 0 [pid 5951] <... ioctl resumed>) = 0 [pid 5951] close(3) = 0 [pid 5951] mkdir("\x2e\x02", 0777 [pid 5949] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("\x2e\x02") = 0 [pid 5951] <... mkdir resumed>) = 0 [pid 5949] ioctl(4, LOOP_CLR_FD [pid 5951] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5949] <... ioctl resumed>) = 0 [pid 5949] close(4) = 0 [pid 5949] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5952] munmap(0x7f3634699000, 1048576 [pid 5949] <... open resumed>) = 4 [pid 5949] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5949] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5952] <... munmap resumed>) = 0 [pid 5949] <... open resumed>) = 5 [pid 5952] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5949] openat(AT_FDCWD, NULL, O_RDWR./strace-static-x86_64: Process 5953 attached [pid 5952] <... openat resumed>) = 4 [pid 5950] <... open resumed>) = 4 [pid 5949] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5948] +++ exited with 0 +++ [pid 5952] ioctl(4, LOOP_SET_FD, 3 [pid 5949] ftruncate(-1, 2 [pid 5950] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5953] set_robust_list(0x555557506760, 24 [pid 5950] <... mount resumed>) = 0 [pid 5949] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5953] <... set_robust_list resumed>) = 0 [pid 5950] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5949] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5953] chdir("./151" [pid 5950] <... open resumed>) = 5 [pid 5949] <... mmap resumed>) = 0x20000000 [pid 5949] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5953] <... chdir resumed>) = 0 [pid 5950] openat(AT_FDCWD, NULL, O_RDWR [pid 5949] <... open resumed>) = -1 EFAULT (Bad address) [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5950] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5014] umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] <... prctl resumed>) = 0 [pid 5950] ftruncate(-1, 2 [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5953] setpgid(0, 0 [pid 5952] <... ioctl resumed>) = 0 [pid 5950] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5014] openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5953] <... setpgid resumed>) = 0 [pid 5952] close(3 [pid 5950] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5014] <... openat resumed>) = 3 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5952] <... close resumed>) = 0 [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5014] newfstatat(3, "", [pid 5952] mkdir("\x2e\x02", 0777 [pid 5950] <... mmap resumed>) = 0x20000000 [pid 5953] <... openat resumed>) = 3 [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5953] write(3, "1000", 4 [pid 5952] <... mkdir resumed>) = 0 [pid 5950] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5014] getdents64(3, [pid 5953] <... write resumed>) = 4 [pid 5952] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5950] <... open resumed>) = -1 EFAULT (Bad address) [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5953] close(3 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5014] umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] <... close resumed>) = 0 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5949] memfd_create("syzkaller", 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs" [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5949] <... memfd_create resumed>) = 6 [pid 5014] umount2("./150/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] <... symlink resumed>) = 0 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5949] <... mmap resumed>) = 0x7f362c399000 [pid 5014] newfstatat(AT_FDCWD, "./150/bus", [ 175.868163][ T27] kauditd_printk_skb: 29 callbacks suppressed [ 175.868177][ T27] audit: type=1800 audit(1692541379.528:917): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 175.881864][ T5951] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 175.905569][ T5952] loop5: detected capacity change from 0 to 2048 [pid 5953] memfd_create("syzkaller", 0 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5949] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5953] <... memfd_create resumed>) = 3 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5949] exit_group(0 [pid 5014] unlink("./150/bus" [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5949] <... exit_group resumed>) = ? [pid 5014] <... unlink resumed>) = 0 [pid 5953] <... mmap resumed>) = 0x7f3634699000 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5949] +++ exited with 0 +++ [pid 5014] umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./150/binderfs") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... close resumed>) = 0 [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] rmdir("./150" [pid 5950] memfd_create("syzkaller", 0 [pid 5018] <... openat resumed>) = 3 [pid 5014] <... rmdir resumed>) = 0 [pid 5950] <... memfd_create resumed>) = 6 [pid 5018] newfstatat(3, "", [pid 5014] mkdir("./151", 0777 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 5950] <... mmap resumed>) = 0x7f362c399000 [pid 5018] getdents64(3, [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... openat resumed>) = 3 [pid 5950] exit_group(0 [pid 5018] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5950] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5950] +++ exited with 0 +++ [pid 5018] newfstatat(AT_FDCWD, "./154/binderfs", [ 175.948430][ T5952] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 175.971271][ T5952] UDF-fs: Scanning with blocksize 512 failed [ 175.981529][ T5951] UDF-fs: Scanning with blocksize 512 failed [pid 5014] close(3 [pid 5953] <... write resumed>) = 1048576 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5014] <... close resumed>) = 0 [pid 5018] unlink("./154/binderfs" [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... unlink resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5954 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5015] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5954 attached [pid 5015] newfstatat(AT_FDCWD, "./152/binderfs", [pid 5954] set_robust_list(0x555557506760, 24 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5954] <... set_robust_list resumed>) = 0 [pid 5015] unlink("./152/binderfs" [pid 5954] chdir("./151" [pid 5015] <... unlink resumed>) = 0 [pid 5954] <... chdir resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... umount2 resumed>) = 0 [pid 5954] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5954] write(3, "1000", 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5954] <... write resumed>) = 4 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5954] close(3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5954] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5954] symlink("/dev/binderfs", "./binderfs" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5954] <... symlink resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5954] memfd_create("syzkaller", 0 [pid 5015] <... openat resumed>) = 4 [pid 5954] <... memfd_create resumed>) = 3 [pid 5015] newfstatat(4, "", [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5954] <... mmap resumed>) = 0x7f3634699000 [pid 5015] getdents64(4, [pid 5018] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5953] munmap(0x7f3634699000, 1048576 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5015] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 175.988255][ T27] audit: type=1800 audit(1692541379.538:918): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 176.037935][ T5952] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5953] <... munmap resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] close(4 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02" [pid 5018] <... openat resumed>) = 4 [pid 5015] <... rmdir resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5953] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] getdents64(3, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3 [pid 5018] getdents64(4, [pid 5015] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] rmdir("./152") = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] mkdir("./153", 0777 [pid 5018] close(4) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02" [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5018] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5953] <... openat resumed>) = 4 [pid 5018] rmdir("./154") = 0 [pid 5018] mkdir("./155", 0777) = 0 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5952] <... mount resumed>) = 0 [pid 5954] <... write resumed>) = 1048576 [pid 5952] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("\x2e\x02") = 0 [pid 5952] ioctl(4, LOOP_CLR_FD [pid 5951] <... mount resumed>) = 0 [pid 5952] <... ioctl resumed>) = 0 [pid 5951] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5952] close(4 [pid 5951] <... openat resumed>) = 3 [pid 5952] <... close resumed>) = 0 [pid 5951] chdir("\x2e\x02" [pid 5952] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5951] <... chdir resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5952] <... open resumed>) = 4 [pid 5951] ioctl(4, LOOP_CLR_FD [pid 5018] close(3 [pid 5952] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5951] <... ioctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5954] munmap(0x7f3634699000, 1048576 [pid 5952] <... mount resumed>) = 0 [pid 5951] close(4 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5954] <... munmap resumed>) = 0 [pid 5952] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5951] <... close resumed>) = 0 [ 176.048874][ T5951] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.080116][ T5953] loop2: detected capacity change from 0 to 2048 [pid 5952] <... open resumed>) = 5 [pid 5951] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5952] openat(AT_FDCWD, NULL, O_RDWR [pid 5951] <... open resumed>) = 4 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5955 [pid 5954] <... openat resumed>) = 4 [pid 5952] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5951] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5954] ioctl(4, LOOP_SET_FD, 3 [pid 5952] ftruncate(-1, 2 [pid 5951] <... mount resumed>) = 0 ./strace-static-x86_64: Process 5955 attached [pid 5954] <... ioctl resumed>) = 0 [pid 5952] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5951] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5955] set_robust_list(0x555557506760, 24 [pid 5952] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5951] <... open resumed>) = 5 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5952] <... mmap resumed>) = 0x20000000 [pid 5951] openat(AT_FDCWD, NULL, O_RDWR [pid 5955] chdir("./155" [pid 5953] close(3 [pid 5952] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5951] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5955] <... chdir resumed>) = 0 [pid 5952] <... open resumed>) = -1 EFAULT (Bad address) [pid 5951] ftruncate(-1, 2 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5953] <... close resumed>) = 0 [pid 5952] memfd_create("syzkaller", 0 [pid 5951] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... openat resumed>) = 3 [pid 5955] <... prctl resumed>) = 0 [pid 5953] mkdir("\x2e\x02", 0777 [pid 5952] <... memfd_create resumed>) = 6 [pid 5951] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5955] setpgid(0, 0 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5951] <... mmap resumed>) = 0x20000000 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5955] <... setpgid resumed>) = 0 [pid 5953] <... mkdir resumed>) = 0 [pid 5952] <... mmap resumed>) = 0x7f362c399000 [pid 5951] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] close(3 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5953] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5951] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... close resumed>) = 0 [pid 5955] <... openat resumed>) = 3 [ 176.092197][ T27] audit: type=1800 audit(1692541379.748:919): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 176.116853][ T5954] loop0: detected capacity change from 0 to 2048 [pid 5951] memfd_create("syzkaller", 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5955] write(3, "1000", 4 [pid 5951] <... memfd_create resumed>) = 6 [pid 5955] <... write resumed>) = 4 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5955] close(3 [pid 5951] <... mmap resumed>) = 0x7f362c399000 ./strace-static-x86_64: Process 5956 attached [pid 5955] <... close resumed>) = 0 [pid 5954] close(3 [pid 5955] symlink("/dev/binderfs", "./binderfs" [pid 5954] <... close resumed>) = 0 [pid 5956] set_robust_list(0x555557506760, 24 [pid 5955] <... symlink resumed>) = 0 [pid 5954] mkdir("\x2e\x02", 0777 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5956 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5955] memfd_create("syzkaller", 0 [pid 5954] <... mkdir resumed>) = 0 [pid 5955] <... memfd_create resumed>) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5954] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5956] chdir("./153" [pid 5955] <... mmap resumed>) = 0x7f3634699000 [pid 5956] <... chdir resumed>) = 0 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] memfd_create("syzkaller", 0) = 3 [ 176.148702][ T5953] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5955] <... write resumed>) = 1048576 [pid 5955] munmap(0x7f3634699000, 1048576) = 0 [pid 5952] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5955] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 176.210553][ T5954] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 176.214561][ T5953] UDF-fs: Scanning with blocksize 512 failed [ 176.244107][ T5955] loop4: detected capacity change from 0 to 2048 [ 176.250853][ T5954] UDF-fs: Scanning with blocksize 512 failed [pid 5955] ioctl(4, LOOP_SET_FD, 3 [pid 5956] <... write resumed>) = 1048576 [pid 5951] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5956] munmap(0x7f3634699000, 1048576 [pid 5955] <... ioctl resumed>) = 0 [pid 5956] <... munmap resumed>) = 0 [pid 5955] close(3) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5955] mkdir("\x2e\x02", 0777 [pid 5956] <... openat resumed>) = 4 [pid 5955] <... mkdir resumed>) = 0 [pid 5956] ioctl(4, LOOP_SET_FD, 3 [ 176.251316][ T27] audit: type=1800 audit(1692541379.778:920): pid=5951 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [ 176.292756][ T5954] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 176.301457][ T5956] loop1: detected capacity change from 0 to 2048 [pid 5955] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5956] <... ioctl resumed>) = 0 [pid 5956] close(3) = 0 [pid 5956] mkdir("\x2e\x02", 0777) = 0 [pid 5956] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5953] <... mount resumed>) = 0 [pid 5953] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("\x2e\x02") = 0 [pid 5953] ioctl(4, LOOP_CLR_FD) = 0 [pid 5953] close(4) = 0 [pid 5953] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5953] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5953] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5953] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5953] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5953] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5953] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5951] <... write resumed>) = 2097152 [ 176.309032][ T5954] UDF-fs: Scanning with blocksize 1024 failed [ 176.309343][ T5953] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.331518][ T5955] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 176.350045][ T5956] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5951] munmap(0x7f362c399000, 2097152 [pid 5952] <... write resumed>) = 2097152 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] munmap(0x7f362c399000, 2097152 [pid 5953] <... memfd_create resumed>) = 6 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5952] <... munmap resumed>) = 0 [pid 5951] <... munmap resumed>) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 7 [pid 5951] ioctl(7, LOOP_SET_FD, 6 [pid 5952] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5951] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5952] <... openat resumed>) = 7 [pid 5951] ioctl(7, LOOP_CLR_FD [pid 5952] ioctl(7, LOOP_SET_FD, 6 [pid 5951] <... ioctl resumed>) = 0 [pid 5952] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5952] ioctl(7, LOOP_CLR_FD) = 0 [ 176.360632][ T5954] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 176.385121][ T5955] UDF-fs: Scanning with blocksize 512 failed [ 176.385848][ T5956] UDF-fs: Scanning with blocksize 512 failed [pid 5952] ioctl(7, LOOP_SET_FD, 6 [pid 5951] ioctl(7, LOOP_SET_FD, 6 [pid 5952] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5951] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5952] close(7 [pid 5951] close(7 [pid 5952] <... close resumed>) = 0 [pid 5951] <... close resumed>) = 0 [pid 5952] close(6 [pid 5951] close(6 [pid 5952] <... close resumed>) = 0 [pid 5951] <... close resumed>) = 0 [pid 5951] exit_group(0) = ? [ 176.393166][ T27] audit: type=1800 audit(1692541380.008:921): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [ 176.398249][ T5954] UDF-fs: Scanning with blocksize 2048 failed [ 176.449881][ T5955] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5952] exit_group(0 [pid 5951] +++ exited with 0 +++ [pid 5952] <... exit_group resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5019] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5019] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./156/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5019] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3) = 0 [pid 5019] rmdir("./156") = 0 [pid 5019] mkdir("./157", 0777) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5953] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5019] <... ioctl resumed>) = 0 [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... restart_syscall resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5957 [pid 5017] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5955] <... mount resumed>) = 0 ./strace-static-x86_64: Process 5957 attached [pid 5955] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] getdents64(3, [pid 5957] set_robust_list(0x555557506760, 24 [pid 5955] <... openat resumed>) = 3 [pid 5957] <... set_robust_list resumed>) = 0 [pid 5955] chdir("\x2e\x02" [pid 5957] chdir("./157" [pid 5955] <... chdir resumed>) = 0 [pid 5957] <... chdir resumed>) = 0 [pid 5955] ioctl(4, LOOP_CLR_FD [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5955] <... ioctl resumed>) = 0 [pid 5017] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5957] <... prctl resumed>) = 0 [pid 5955] close(4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5957] setpgid(0, 0 [pid 5955] <... close resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./151/binderfs", [pid 5957] <... setpgid resumed>) = 0 [pid 5955] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5955] <... open resumed>) = 4 [pid 5957] <... openat resumed>) = 3 [pid 5955] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] unlink("./151/binderfs" [pid 5957] write(3, "1000", 4 [pid 5955] <... mount resumed>) = 0 [pid 5957] <... write resumed>) = 4 [pid 5955] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5957] close(3 [pid 5955] <... open resumed>) = 5 [pid 5017] <... unlink resumed>) = 0 [pid 5957] <... close resumed>) = 0 [pid 5955] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5957] symlink("/dev/binderfs", "./binderfs" [pid 5955] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5957] <... symlink resumed>) = 0 [pid 5955] ftruncate(-1, 2 [pid 5957] memfd_create("syzkaller", 0 [pid 5955] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5957] <... memfd_create resumed>) = 3 [pid 5955] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5955] <... mmap resumed>) = 0x20000000 [pid 5957] <... mmap resumed>) = 0x7f3634699000 [ 176.465693][ T5956] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5955] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5956] <... mount resumed>) = 0 [pid 5955] <... open resumed>) = -1 EFAULT (Bad address) [pid 5956] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5955] memfd_create("syzkaller", 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5956] <... openat resumed>) = 3 [pid 5955] <... memfd_create resumed>) = 6 [pid 5017] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5956] chdir("\x2e\x02" [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5955] <... mmap resumed>) = 0x7f362c399000 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5956] <... chdir resumed>) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02") = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5956] ioctl(4, LOOP_CLR_FD [pid 5017] rmdir("./151" [pid 5956] <... ioctl resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5956] close(4 [pid 5017] mkdir("./152", 0777 [pid 5956] <... close resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5956] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5957] <... write resumed>) = 1048576 [pid 5956] <... open resumed>) = 4 [pid 5017] close(3 [pid 5956] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5953] <... write resumed>) = 2097152 [pid 5017] <... close resumed>) = 0 [pid 5956] <... mount resumed>) = 0 [ 176.542262][ T27] audit: type=1800 audit(1692541380.168:922): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 5953] munmap(0x7f362c399000, 2097152 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5956] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5953] <... munmap resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5958 [pid 5956] <... open resumed>) = 5 [pid 5956] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5956] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5956] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0./strace-static-x86_64: Process 5958 attached [pid 5957] munmap(0x7f3634699000, 1048576 [pid 5953] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5958] set_robust_list(0x555557506760, 24 [pid 5957] <... munmap resumed>) = 0 [pid 5956] <... mmap resumed>) = 0x20000000 [pid 5953] <... openat resumed>) = 7 [pid 5956] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5958] <... set_robust_list resumed>) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5953] ioctl(7, LOOP_SET_FD, 6 [pid 5958] chdir("./152" [pid 5957] <... openat resumed>) = 4 [pid 5956] memfd_create("syzkaller", 0 [pid 5953] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5958] <... chdir resumed>) = 0 [pid 5957] ioctl(4, LOOP_SET_FD, 3 [pid 5956] <... memfd_create resumed>) = 6 [ 176.593450][ T5954] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 176.630183][ T5957] loop5: detected capacity change from 0 to 2048 [pid 5953] ioctl(7, LOOP_CLR_FD [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5958] <... prctl resumed>) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5953] ioctl(7, LOOP_SET_FD, 6 [pid 5958] close(3 [pid 5953] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5958] <... close resumed>) = 0 [pid 5953] close(7 [pid 5958] symlink("/dev/binderfs", "./binderfs" [pid 5953] <... close resumed>) = 0 [pid 5958] <... symlink resumed>) = 0 [pid 5953] close(6 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5956] <... mmap resumed>) = 0x7f362c399000 [pid 5955] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5957] <... ioctl resumed>) = 0 [ 176.632833][ T27] audit: type=1800 audit(1692541380.248:923): pid=5956 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 176.655283][ T5954] UDF-fs: Scanning with blocksize 4096 failed [pid 5957] close(3) = 0 [pid 5956] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5953] <... close resumed>) = 0 [pid 5957] mkdir("\x2e\x02", 0777) = 0 [pid 5957] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5953] exit_group(0) = ? [pid 5958] <... write resumed>) = 1048576 [pid 5958] munmap(0x7f3634699000, 1048576 [pid 5954] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5958] <... munmap resumed>) = 0 [pid 5954] ioctl(4, LOOP_CLR_FD [pid 5953] +++ exited with 0 +++ [pid 5958] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5954] <... ioctl resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5958] <... openat resumed>) = 4 [pid 5954] close(4 [pid 5958] ioctl(4, LOOP_SET_FD, 3 [pid 5954] <... close resumed>) = 0 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 5016] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./151/binderfs") = 0 [ 176.727881][ T5957] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 176.744153][ T5958] loop3: detected capacity change from 0 to 2048 [ 176.752246][ T27] audit: type=1800 audit(1692541380.408:924): pid=5954 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 176.768543][ T5957] UDF-fs: Scanning with blocksize 512 failed [pid 5016] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5958] <... ioctl resumed>) = 0 [pid 5956] <... write resumed>) = 2097152 [pid 5955] <... write resumed>) = 2097152 [pid 5954] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5958] close(3 [pid 5956] munmap(0x7f362c399000, 2097152 [pid 5955] munmap(0x7f362c399000, 2097152 [pid 5954] <... mount resumed>) = 0 [pid 5958] <... close resumed>) = 0 [pid 5956] <... munmap resumed>) = 0 [pid 5955] <... munmap resumed>) = 0 [pid 5954] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... umount2 resumed>) = 0 [pid 5958] mkdir("\x2e\x02", 0777 [pid 5956] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5955] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5954] <... open resumed>) = 4 [pid 5958] <... mkdir resumed>) = 0 [pid 5956] <... openat resumed>) = 7 [pid 5955] <... openat resumed>) = 7 [pid 5954] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5958] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5956] ioctl(7, LOOP_SET_FD, 6 [pid 5955] ioctl(7, LOOP_SET_FD, 6 [pid 5954] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5956] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5955] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5954] ftruncate(-1, 2 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5956] ioctl(7, LOOP_CLR_FD [pid 5955] ioctl(7, LOOP_CLR_FD [pid 5954] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", [pid 5956] <... ioctl resumed>) = 0 [pid 5955] <... ioctl resumed>) = 0 [pid 5954] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 5954] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5954] memfd_create("syzkaller", 0 [pid 5956] ioctl(7, LOOP_SET_FD, 6 [pid 5955] ioctl(7, LOOP_SET_FD, 6 [pid 5954] <... memfd_create resumed>) = 5 [pid 5956] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5955] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5956] close(7 [pid 5955] close(7 [pid 5954] <... mmap resumed>) = 0x7f362c399000 [pid 5956] <... close resumed>) = 0 [pid 5955] <... close resumed>) = 0 [pid 5956] close(6 [pid 5955] close(6 [pid 5956] <... close resumed>) = 0 [pid 5955] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 176.803289][ T5958] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 176.805318][ T5957] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5016] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5956] exit_group(0 [pid 5016] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5956] <... exit_group resumed>) = ? [pid 5955] exit_group(0 [pid 5957] <... mount resumed>) = 0 [pid 5955] <... exit_group resumed>) = ? [pid 5016] getdents64(4, [pid 5957] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5956] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5957] <... openat resumed>) = 3 [pid 5018] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5957] chdir("\x2e\x02" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(4, [pid 5018] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] newfstatat(3, "", [pid 5015] <... openat resumed>) = 3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] newfstatat(3, "", [pid 5018] getdents64(3, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5957] <... chdir resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5957] ioctl(4, LOOP_CLR_FD [ 176.844014][ T5958] UDF-fs: Scanning with blocksize 512 failed [pid 5018] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] close(4 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5957] <... ioctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] newfstatat(AT_FDCWD, "./155/binderfs", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] newfstatat(AT_FDCWD, "./153/binderfs", [pid 5018] unlink("./155/binderfs" [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5015] unlink("./153/binderfs" [pid 5018] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5957] close(4 [pid 5016] <... close resumed>) = 0 [pid 5954] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5957] <... close resumed>) = 0 [pid 5957] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02") = 0 [pid 5957] <... open resumed>) = 4 [pid 5016] getdents64(3, [pid 5957] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5957] <... mount resumed>) = 0 [pid 5957] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] close(3 [pid 5957] <... open resumed>) = 5 [pid 5957] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... close resumed>) = 0 [pid 5957] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] rmdir("./151" [pid 5957] ftruncate(-1, 2 [pid 5016] <... rmdir resumed>) = 0 [pid 5957] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] mkdir("./152", 0777 [pid 5957] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5957] <... mmap resumed>) = 0x20000000 [pid 5954] <... write resumed>) = 2097152 [pid 5954] munmap(0x7f362c399000, 2097152 [pid 5957] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5957] memfd_create("syzkaller", 0) = 6 [pid 5016] <... openat resumed>) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3 [pid 5957] <... mmap resumed>) = 0x7f362c399000 [pid 5016] <... close resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5954] <... munmap resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5959 ./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x555557506760, 24) = 0 [pid 5959] chdir("./152") = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5954] <... openat resumed>) = 6 [pid 5959] <... prctl resumed>) = 0 [pid 5954] ioctl(6, LOOP_SET_FD, 5 [pid 5958] <... mount resumed>) = 0 [pid 5958] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5959] setpgid(0, 0 [pid 5954] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5959] <... setpgid resumed>) = 0 [pid 5954] ioctl(6, LOOP_CLR_FD [pid 5958] <... openat resumed>) = 3 [pid 5958] chdir("\x2e\x02" [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5958] <... chdir resumed>) = 0 [pid 5954] <... ioctl resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5959] <... openat resumed>) = 3 [pid 5958] ioctl(4, LOOP_CLR_FD [pid 5959] write(3, "1000", 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] <... write resumed>) = 4 [pid 5958] <... ioctl resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5959] close(3 [pid 5958] close(4 [pid 5959] <... close resumed>) = 0 [pid 5954] ioctl(6, LOOP_SET_FD, 5 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs" [pid 5958] <... close resumed>) = 0 [pid 5954] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5959] <... symlink resumed>) = 0 [pid 5958] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5954] close(6 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 176.894303][ T27] audit: type=1800 audit(1692541380.548:925): pid=5957 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [ 176.898849][ T5958] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5959] memfd_create("syzkaller", 0 [pid 5954] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5959] <... memfd_create resumed>) = 3 [pid 5958] <... open resumed>) = 4 [pid 5957] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] <... openat resumed>) = 4 [pid 5015] <... openat resumed>) = 4 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5958] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5954] close(5 [pid 5018] newfstatat(4, "", [pid 5015] newfstatat(4, "", [pid 5958] <... mount resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5958] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] getdents64(4, [pid 5015] getdents64(4, [pid 5958] <... open resumed>) = 5 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5958] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] getdents64(4, [pid 5015] getdents64(4, [pid 5958] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5958] ftruncate(-1, 2 [pid 5018] close(4 [pid 5015] close(4 [pid 5958] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5958] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02" [pid 5015] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02" [pid 5959] <... mmap resumed>) = 0x7f3634699000 [pid 5958] <... mmap resumed>) = 0x20000000 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5958] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] getdents64(3, [pid 5015] getdents64(3, [pid 5958] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5958] memfd_create("syzkaller", 0 [pid 5018] close(3 [pid 5015] close(3 [pid 5958] <... memfd_create resumed>) = 6 [pid 5018] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] rmdir("./155" [pid 5015] rmdir("./153" [pid 5958] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5954] <... close resumed>) = 0 [pid 5018] mkdir("./156", 0777 [pid 5015] mkdir("./154", 0777 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5018] <... openat resumed>) = 3 [pid 5015] <... openat resumed>) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] close(3 [pid 5015] close(3 [pid 5018] <... close resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 176.973720][ T27] audit: type=1800 audit(1692541380.628:926): pid=5958 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5959] <... write resumed>) = 1048576 [pid 5954] exit_group(0 [pid 5957] <... write resumed>) = 2097152 [pid 5954] <... exit_group resumed>) = ? [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5960 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5961 [pid 5954] +++ exited with 0 +++ [pid 5959] munmap(0x7f3634699000, 1048576 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- ./strace-static-x86_64: Process 5960 attached ./strace-static-x86_64: Process 5961 attached [pid 5960] set_robust_list(0x555557506760, 24 [pid 5961] set_robust_list(0x555557506760, 24 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5959] <... munmap resumed>) = 0 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5960] chdir("./156" [pid 5959] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5961] chdir("./154" [pid 5960] <... chdir resumed>) = 0 [pid 5959] <... openat resumed>) = 4 [pid 5961] <... chdir resumed>) = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5014] umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5960] <... prctl resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] setpgid(0, 0 [pid 5014] openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5960] <... setpgid resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] newfstatat(3, "", [pid 5960] <... openat resumed>) = 3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5960] write(3, "1000", 4 [pid 5957] munmap(0x7f362c399000, 2097152 [pid 5014] getdents64(3, [pid 5960] <... write resumed>) = 4 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5960] close(3 [pid 5014] umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5960] <... close resumed>) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs" [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5960] <... symlink resumed>) = 0 [pid 5958] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5961] <... prctl resumed>) = 0 [pid 5959] <... ioctl resumed>) = 0 [pid 5961] setpgid(0, 0 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5957] <... munmap resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5961] <... setpgid resumed>) = 0 [pid 5959] close(3 [pid 5957] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] umount2("./151/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5957] <... openat resumed>) = 7 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5957] ioctl(7, LOOP_SET_FD, 6 [pid 5014] newfstatat(AT_FDCWD, "./151/bus", [pid 5957] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5957] ioctl(7, LOOP_CLR_FD [pid 5014] unlink("./151/bus" [pid 5957] <... ioctl resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5959] <... close resumed>) = 0 [pid 5014] umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5961] <... openat resumed>) = 3 [pid 5959] mkdir("\x2e\x02", 0777 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] write(3, "1000", 4 [pid 5959] <... mkdir resumed>) = 0 [pid 5957] ioctl(7, LOOP_SET_FD, 6 [pid 5014] newfstatat(AT_FDCWD, "./151/binderfs", [pid 5961] <... write resumed>) = 4 [pid 5959] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5957] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5961] close(3 [pid 5957] close(7 [pid 5014] unlink("./151/binderfs" [pid 5961] <... close resumed>) = 0 [pid 5957] <... close resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs" [ 177.063688][ T5959] loop2: detected capacity change from 0 to 2048 [pid 5957] close(6 [pid 5014] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5961] <... symlink resumed>) = 0 [pid 5957] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5961] memfd_create("syzkaller", 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", [pid 5961] <... memfd_create resumed>) = 3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5961] <... mmap resumed>) = 0x7f3634699000 [pid 5960] <... write resumed>) = 1048576 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5960] munmap(0x7f3634699000, 1048576 [pid 5014] <... openat resumed>) = 4 [pid 5014] newfstatat(4, "", [pid 5960] <... munmap resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] getdents64(4, [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5960] <... openat resumed>) = 4 [pid 5957] exit_group(0 [pid 5014] getdents64(4, [pid 5960] ioctl(4, LOOP_SET_FD, 3 [pid 5957] <... exit_group resumed>) = ? [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5957] +++ exited with 0 +++ [pid 5014] close(4 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5014] <... close resumed>) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x35\x31\x2f\x2e\x02") = 0 [pid 5019] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] getdents64(3, [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] close(3 [pid 5019] <... openat resumed>) = 3 [pid 5014] <... close resumed>) = 0 [pid 5019] newfstatat(3, "", [pid 5014] rmdir("./151" [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5019] getdents64(3, [pid 5014] mkdir("./152", 0777 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... mkdir resumed>) = 0 [pid 5019] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5958] <... write resumed>) = 2097152 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... openat resumed>) = 3 [pid 5019] newfstatat(AT_FDCWD, "./157/binderfs", [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5958] munmap(0x7f362c399000, 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... ioctl resumed>) = 0 [pid 5958] <... munmap resumed>) = 0 [pid 5019] unlink("./157/binderfs" [pid 5014] close(3 [pid 5019] <... unlink resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5961] <... write resumed>) = 1048576 [pid 5960] <... ioctl resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5960] close(3 [pid 5019] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5961] munmap(0x7f3634699000, 1048576 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5962 [pid 5960] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5960] mkdir("\x2e\x02", 0777 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", [pid 5961] <... munmap resumed>) = 0 [pid 5960] <... mkdir resumed>) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5962 attached [pid 5961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5960] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5958] <... openat resumed>) = 7 [pid 5019] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5962] set_robust_list(0x555557506760, 24 [pid 5961] <... openat resumed>) = 4 [pid 5958] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5962] <... set_robust_list resumed>) = 0 [pid 5961] ioctl(4, LOOP_SET_FD, 3 [pid 5958] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 177.104286][ T5959] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 177.129554][ T5960] loop4: detected capacity change from 0 to 2048 [ 177.139731][ T5959] UDF-fs: Scanning with blocksize 512 failed [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5962] chdir("./152" [pid 5958] ioctl(7, LOOP_CLR_FD [pid 5019] <... openat resumed>) = 4 [pid 5962] <... chdir resumed>) = 0 [pid 5958] <... ioctl resumed>) = 0 [pid 5019] newfstatat(4, "", [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5962] <... prctl resumed>) = 0 [pid 5019] getdents64(4, [pid 5962] setpgid(0, 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5962] <... setpgid resumed>) = 0 [pid 5019] getdents64(4, [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5958] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5962] <... openat resumed>) = 3 [pid 5958] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] close(4 [pid 5962] write(3, "1000", 4 [pid 5958] close(7 [pid 5019] <... close resumed>) = 0 [pid 5962] <... write resumed>) = 4 [pid 5958] <... close resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x37\x2f\x2e\x02" [pid 5962] close(3 [pid 5961] <... ioctl resumed>) = 0 [pid 5958] close(6 [pid 5019] <... rmdir resumed>) = 0 [pid 5962] <... close resumed>) = 0 [pid 5961] close(3 [pid 5958] <... close resumed>) = 0 [pid 5019] getdents64(3, [pid 5962] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5962] <... symlink resumed>) = 0 [pid 5019] close(3 [pid 5962] memfd_create("syzkaller", 0 [pid 5019] <... close resumed>) = 0 [pid 5962] <... memfd_create resumed>) = 3 [pid 5019] rmdir("./157" [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5962] <... mmap resumed>) = 0x7f3634699000 [pid 5961] <... close resumed>) = 0 [pid 5019] mkdir("./158", 0777 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5961] mkdir("\x2e\x02", 0777 [pid 5958] exit_group(0) = ? [pid 5958] +++ exited with 0 +++ [pid 5019] <... mkdir resumed>) = 0 [pid 5961] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5961] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5019] <... openat resumed>) = 3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [ 177.178663][ T5961] loop1: detected capacity change from 0 to 2048 [ 177.185943][ T5960] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 177.193740][ T5960] UDF-fs: Scanning with blocksize 512 failed [ 177.215712][ T5959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5017] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5959] <... mount resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] close(3 [pid 5017] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5962] <... write resumed>) = 1048576 [pid 5959] <... openat resumed>) = 3 [pid 5019] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5959] chdir("\x2e\x02" [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] newfstatat(3, "", [pid 5959] <... chdir resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5959] ioctl(4, LOOP_CLR_FD [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5963 [pid 5017] getdents64(3, [pid 5959] <... ioctl resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5959] close(4 [pid 5017] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5959] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] newfstatat(AT_FDCWD, "./152/binderfs", ./strace-static-x86_64: Process 5963 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5963] set_robust_list(0x555557506760, 24 [pid 5017] unlink("./152/binderfs" [pid 5963] <... set_robust_list resumed>) = 0 [pid 5959] <... open resumed>) = 4 [pid 5017] <... unlink resumed>) = 0 [pid 5963] chdir("./158" [pid 5959] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5963] <... chdir resumed>) = 0 [pid 5962] munmap(0x7f3634699000, 1048576 [pid 5959] <... mount resumed>) = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5962] <... munmap resumed>) = 0 [pid 5963] <... prctl resumed>) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 177.265606][ T5961] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 177.273308][ T5961] UDF-fs: Scanning with blocksize 512 failed [pid 5963] write(3, "1000", 4) = 4 [pid 5962] <... openat resumed>) = 4 [pid 5959] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... umount2 resumed>) = 0 [pid 5963] close(3 [pid 5962] ioctl(4, LOOP_SET_FD, 3 [pid 5963] <... close resumed>) = 0 [pid 5959] <... open resumed>) = 5 [pid 5017] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5959] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5959] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5959] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5959] <... mmap resumed>) = 0x20000000 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5959] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5962] <... ioctl resumed>) = 0 [pid 5962] close(3) = 0 [pid 5962] mkdir("\x2e\x02", 0777) = 0 [pid 5962] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [ 177.306297][ T5960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.316813][ T5962] loop0: detected capacity change from 0 to 2048 [ 177.339175][ T5959] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5017] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5960] <... mount resumed>) = 0 [pid 5960] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5960] chdir("\x2e\x02") = 0 [pid 5017] <... openat resumed>) = 4 [pid 5960] ioctl(4, LOOP_CLR_FD) = 0 [pid 5017] newfstatat(4, "", [pid 5960] close(4 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5960] <... close resumed>) = 0 [pid 5017] getdents64(4, [pid 5960] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5960] <... open resumed>) = 4 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5963] <... write resumed>) = 1048576 [pid 5960] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] close(4 [pid 5960] <... mount resumed>) = 0 [pid 5963] munmap(0x7f3634699000, 1048576 [pid 5960] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... close resumed>) = 0 [pid 5963] <... munmap resumed>) = 0 [pid 5960] <... open resumed>) = 5 [pid 5017] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02" [pid 5963] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5960] openat(AT_FDCWD, NULL, O_RDWR [pid 5963] <... openat resumed>) = 4 [pid 5960] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... rmdir resumed>) = 0 [pid 5963] ioctl(4, LOOP_SET_FD, 3 [ 177.351055][ T5961] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.374993][ T5962] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 177.382688][ T5962] UDF-fs: Scanning with blocksize 512 failed [pid 5960] ftruncate(-1, 2 [pid 5017] getdents64(3, [pid 5960] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5959] memfd_create("syzkaller", 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5960] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] close(3 [pid 5960] <... mmap resumed>) = 0x20000000 [pid 5017] <... close resumed>) = 0 [pid 5960] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5959] <... memfd_create resumed>) = 6 [pid 5017] rmdir("./152" [pid 5960] <... open resumed>) = -1 EFAULT (Bad address) [pid 5960] memfd_create("syzkaller", 0 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5960] <... memfd_create resumed>) = 6 [pid 5017] mkdir("./153", 0777 [pid 5961] <... mount resumed>) = 0 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5959] <... mmap resumed>) = 0x7f362c399000 [pid 5961] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5960] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... mkdir resumed>) = 0 [pid 5961] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5961] chdir("\x2e\x02") = 0 [pid 5017] <... openat resumed>) = 3 [pid 5961] ioctl(4, LOOP_CLR_FD [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5961] <... ioctl resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5961] close(4 [pid 5017] close(3 [pid 5961] <... close resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5961] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5961] <... open resumed>) = 4 [pid 5961] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5961] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5963] <... ioctl resumed>) = 0 [pid 5961] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5964 [pid 5963] close(3 [pid 5961] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5963] <... close resumed>) = 0 [pid 5961] ftruncate(-1, 2 [pid 5963] mkdir("\x2e\x02", 0777 [pid 5961] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5963] <... mkdir resumed>) = 0 [pid 5961] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5963] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5961] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5964 attached [ 177.400931][ T5963] loop5: detected capacity change from 0 to 2048 [pid 5961] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5964] set_robust_list(0x555557506760, 24 [pid 5961] <... open resumed>) = -1 EFAULT (Bad address) [pid 5964] <... set_robust_list resumed>) = 0 [pid 5961] memfd_create("syzkaller", 0 [pid 5964] chdir("./153" [pid 5961] <... memfd_create resumed>) = 6 [pid 5964] <... chdir resumed>) = 0 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5961] <... mmap resumed>) = 0x7f362c399000 [pid 5964] <... prctl resumed>) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3 [pid 5960] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5964] <... close resumed>) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] memfd_create("syzkaller", 0) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [ 177.454626][ T5963] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 177.462343][ T5963] UDF-fs: Scanning with blocksize 512 failed [pid 5964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5961] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5959] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5964] <... write resumed>) = 1048576 [pid 5964] munmap(0x7f3634699000, 1048576) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5964] close(3) = 0 [pid 5960] <... write resumed>) = 2097152 [pid 5964] mkdir("\x2e\x02", 0777) = 0 [pid 5959] <... write resumed>) = 2097152 [pid 5964] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [ 177.560942][ T5962] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 177.576428][ T5963] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 177.587057][ T5964] loop3: detected capacity change from 0 to 2048 [ 177.600109][ T5962] UDF-fs: Scanning with blocksize 1024 failed [pid 5960] munmap(0x7f362c399000, 2097152) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 7 [pid 5960] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5961] <... write resumed>) = 2097152 [pid 5960] ioctl(7, LOOP_CLR_FD [pid 5959] munmap(0x7f362c399000, 2097152 [pid 5960] <... ioctl resumed>) = 0 [pid 5963] <... mount resumed>) = 0 [pid 5959] <... munmap resumed>) = 0 [pid 5960] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5960] close(7) = 0 [pid 5960] close(6 [pid 5963] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5959] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 5963] <... openat resumed>) = 3 [pid 5963] chdir("\x2e\x02" [pid 5959] ioctl(7, LOOP_SET_FD, 6 [pid 5961] munmap(0x7f362c399000, 2097152 [pid 5963] <... chdir resumed>) = 0 [pid 5959] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5963] ioctl(4, LOOP_CLR_FD [pid 5961] <... munmap resumed>) = 0 [pid 5959] ioctl(7, LOOP_CLR_FD) = 0 [pid 5963] <... ioctl resumed>) = 0 [pid 5963] close(4 [pid 5961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5963] <... close resumed>) = 0 [pid 5961] <... openat resumed>) = 7 [pid 5961] ioctl(7, LOOP_SET_FD, 6 [pid 5963] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5961] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5961] ioctl(7, LOOP_CLR_FD) = 0 [pid 5959] ioctl(7, LOOP_SET_FD, 6 [pid 5963] <... open resumed>) = 4 [pid 5959] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5963] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5960] <... close resumed>) = 0 [pid 5959] close(7 [pid 5961] ioctl(7, LOOP_SET_FD, 6 [pid 5959] <... close resumed>) = 0 [pid 5963] <... mount resumed>) = 0 [pid 5961] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5959] close(6 [pid 5961] close(7 [pid 5960] exit_group(0 [pid 5961] <... close resumed>) = 0 [pid 5960] <... exit_group resumed>) = ? [pid 5963] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5961] close(6 [pid 5960] +++ exited with 0 +++ [ 177.611411][ T5964] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 177.626880][ T5962] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 177.631082][ T5964] UDF-fs: Scanning with blocksize 512 failed [pid 5963] <... open resumed>) = 5 [pid 5959] <... close resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5018] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] newfstatat(3, "", [pid 5963] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5963] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(3, [pid 5963] ftruncate(-1, 2 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5963] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5963] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5963] <... mmap resumed>) = 0x20000000 [pid 5018] unlink("./156/binderfs" [pid 5963] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5961] <... close resumed>) = 0 [pid 5959] exit_group(0 [pid 5018] <... unlink resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5961] exit_group(0 [pid 5963] <... open resumed>) = -1 EFAULT (Bad address) [pid 5959] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = 0 [pid 5961] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5959] +++ exited with 0 +++ [pid 5018] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5018] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... restart_syscall resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] newfstatat(4, "", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] getdents64(4, [pid 5016] <... openat resumed>) = 3 [pid 5015] <... openat resumed>) = 3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] newfstatat(3, "", [ 177.681776][ T5962] UDF-fs: Scanning with blocksize 2048 failed [ 177.700151][ T5964] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] newfstatat(3, "", [pid 5018] getdents64(4, [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] getdents64(3, [pid 5015] getdents64(3, [pid 5018] close(4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5964] <... mount resumed>) = 0 [pid 5963] memfd_create("syzkaller", 0 [pid 5018] <... close resumed>) = 0 [pid 5016] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5963] <... memfd_create resumed>) = 6 [pid 5018] <... rmdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./152/binderfs", [pid 5015] newfstatat(AT_FDCWD, "./154/binderfs", [pid 5964] <... openat resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] getdents64(3, [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] unlink("./152/binderfs" [pid 5015] unlink("./154/binderfs" [pid 5964] chdir("\x2e\x02" [pid 5963] <... mmap resumed>) = 0x7f362c399000 [pid 5018] close(3 [pid 5016] <... unlink resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5964] <... chdir resumed>) = 0 [pid 5018] rmdir("./156" [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5964] ioctl(4, LOOP_CLR_FD [pid 5018] <... rmdir resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5964] <... ioctl resumed>) = 0 [pid 5018] mkdir("./157", 0777 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5964] close(4 [pid 5018] <... mkdir resumed>) = 0 [pid 5964] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 177.733765][ T5962] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5964] <... open resumed>) = 4 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5016] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5964] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] close(3 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5964] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5964] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] newfstatat(4, "", [pid 5015] <... openat resumed>) = 4 [pid 5964] <... open resumed>) = 5 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] newfstatat(4, "", [pid 5964] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5965 [pid 5016] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5964] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, [pid 5964] ftruncate(-1, 2 [pid 5016] getdents64(4, [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5964] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5963] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(4, [pid 5964] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] close(4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] close(4 [pid 5016] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02" [pid 5015] <... close resumed>) = 0 ./strace-static-x86_64: Process 5965 attached [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02" [pid 5965] set_robust_list(0x555557506760, 24 [pid 5016] getdents64(3, [pid 5015] <... rmdir resumed>) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5965] chdir("./157" [pid 5016] close(3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5965] <... chdir resumed>) = 0 [pid 5962] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5015] close(3 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5964] <... mmap resumed>) = 0x20000000 [pid 5962] ioctl(4, LOOP_CLR_FD [pid 5016] rmdir("./152" [pid 5015] <... close resumed>) = 0 [pid 5965] <... prctl resumed>) = 0 [pid 5964] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5962] <... ioctl resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("./154" [pid 5965] setpgid(0, 0 [pid 5964] <... open resumed>) = -1 EFAULT (Bad address) [pid 5962] close(4 [pid 5016] mkdir("./153", 0777 [pid 5015] <... rmdir resumed>) = 0 [pid 5965] <... setpgid resumed>) = 0 [pid 5962] <... close resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5964] memfd_create("syzkaller", 0 [pid 5015] mkdir("./155", 0777 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5964] <... memfd_create resumed>) = 6 [pid 5962] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... mkdir resumed>) = 0 [pid 5965] <... openat resumed>) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] <... open resumed>) = 3 [pid 5016] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5965] write(3, "1000", 4 [pid 5964] <... mmap resumed>) = 0x7f362c399000 [pid 5962] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 5965] <... write resumed>) = 4 [pid 5965] close(3 [pid 5962] <... mount resumed>) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5965] <... close resumed>) = 0 [pid 5962] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] close(3 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5965] symlink("/dev/binderfs", "./binderfs" [pid 5962] <... open resumed>) = 4 [pid 5016] <... close resumed>) = 0 [ 177.775022][ T5962] UDF-fs: Scanning with blocksize 4096 failed [pid 5015] close(3 [pid 5965] <... symlink resumed>) = 0 [pid 5962] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... close resumed>) = 0 [pid 5965] memfd_create("syzkaller", 0 [pid 5962] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5965] <... memfd_create resumed>) = 3 [pid 5962] ftruncate(-1, 2 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5966 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5962] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5967 [pid 5965] <... mmap resumed>) = 0x7f3634699000 [pid 5962] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0./strace-static-x86_64: Process 5967 attached ./strace-static-x86_64: Process 5966 attached [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5962] <... mmap resumed>) = 0x20000000 [pid 5967] set_robust_list(0x555557506760, 24 [pid 5966] set_robust_list(0x555557506760, 24 [pid 5963] <... write resumed>) = 2097152 [pid 5962] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5963] munmap(0x7f362c399000, 2097152 [pid 5962] <... open resumed>) = -1 EFAULT (Bad address) [pid 5967] chdir("./155" [pid 5966] chdir("./153" [pid 5962] memfd_create("syzkaller", 0 [pid 5967] <... chdir resumed>) = 0 [pid 5966] <... chdir resumed>) = 0 [pid 5962] <... memfd_create resumed>) = 5 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5967] <... prctl resumed>) = 0 [pid 5966] <... prctl resumed>) = 0 [pid 5964] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5963] <... munmap resumed>) = 0 [pid 5962] <... mmap resumed>) = 0x7f362c399000 [pid 5967] setpgid(0, 0 [pid 5966] setpgid(0, 0 [pid 5963] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5967] <... setpgid resumed>) = 0 [pid 5966] <... setpgid resumed>) = 0 [pid 5963] <... openat resumed>) = 7 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5966] <... openat resumed>) = 3 [pid 5963] ioctl(7, LOOP_SET_FD, 6 [pid 5967] <... openat resumed>) = 3 [pid 5966] write(3, "1000", 4 [pid 5963] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5967] write(3, "1000", 4 [pid 5966] <... write resumed>) = 4 [pid 5963] ioctl(7, LOOP_CLR_FD [pid 5967] <... write resumed>) = 4 [pid 5966] close(3 [pid 5963] <... ioctl resumed>) = 0 [pid 5967] close(3 [pid 5966] <... close resumed>) = 0 [pid 5967] <... close resumed>) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs" [pid 5967] symlink("/dev/binderfs", "./binderfs" [pid 5966] <... symlink resumed>) = 0 [pid 5967] <... symlink resumed>) = 0 [pid 5966] memfd_create("syzkaller", 0 [pid 5963] ioctl(7, LOOP_SET_FD, 6 [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5966] <... memfd_create resumed>) = 3 [pid 5963] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5965] <... write resumed>) = 1048576 [pid 5964] <... write resumed>) = 2097152 [pid 5963] close(7 [pid 5967] <... mmap resumed>) = 0x7f3634699000 [pid 5966] <... mmap resumed>) = 0x7f3634699000 [pid 5965] munmap(0x7f3634699000, 1048576 [pid 5964] munmap(0x7f362c399000, 2097152 [pid 5963] <... close resumed>) = 0 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5965] <... munmap resumed>) = 0 [pid 5963] close(6 [pid 5962] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5966] <... write resumed>) = 1048576 [pid 5965] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5964] <... munmap resumed>) = 0 [pid 5965] <... openat resumed>) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3 [pid 5964] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 7 [pid 5964] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5963] <... close resumed>) = 0 [pid 5964] ioctl(7, LOOP_CLR_FD) = 0 [pid 5964] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5963] exit_group(0 [pid 5964] close(7 [pid 5963] <... exit_group resumed>) = ? [pid 5965] <... ioctl resumed>) = 0 [pid 5965] close(3 [pid 5964] <... close resumed>) = 0 [pid 5963] +++ exited with 0 +++ [pid 5965] <... close resumed>) = 0 [pid 5964] close(6 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5967] <... write resumed>) = 1048576 [pid 5965] mkdir("\x2e\x02", 0777 [pid 5962] <... write resumed>) = 2097152 [pid 5966] munmap(0x7f3634699000, 1048576 [pid 5967] munmap(0x7f3634699000, 1048576 [pid 5965] <... mkdir resumed>) = 0 [pid 5962] munmap(0x7f362c399000, 2097152 [pid 5965] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 177.962574][ T5965] loop4: detected capacity change from 0 to 2048 [pid 5019] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5967] <... munmap resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5962] <... munmap resumed>) = 0 [pid 5019] newfstatat(3, "", [pid 5967] <... openat resumed>) = 4 [pid 5966] <... munmap resumed>) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, [pid 5967] ioctl(4, LOOP_SET_FD, 3 [pid 5964] <... close resumed>) = 0 [pid 5962] <... openat resumed>) = 6 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5964] exit_group(0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5962] ioctl(6, LOOP_SET_FD, 5 [pid 5019] newfstatat(AT_FDCWD, "./158/binderfs", [pid 5964] <... exit_group resumed>) = ? [pid 5964] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5017] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5017] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] getdents64(3, [pid 5962] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] unlink("./158/binderfs" [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] <... unlink resumed>) = 0 [pid 5017] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5962] ioctl(6, LOOP_CLR_FD [pid 5966] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] newfstatat(AT_FDCWD, "./153/binderfs", [pid 5966] <... openat resumed>) = 4 [pid 5962] <... ioctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5966] ioctl(4, LOOP_SET_FD, 3 [pid 5017] unlink("./153/binderfs") = 0 [ 178.005901][ T5965] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 178.023309][ T5967] loop1: detected capacity change from 0 to 2048 [ 178.035275][ T5966] loop2: detected capacity change from 0 to 2048 [ 178.036545][ T5965] UDF-fs: Scanning with blocksize 512 failed [pid 5017] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5967] <... ioctl resumed>) = 0 [pid 5966] <... ioctl resumed>) = 0 [pid 5967] close(3 [pid 5966] close(3 [pid 5962] ioctl(6, LOOP_SET_FD, 5 [pid 5019] <... umount2 resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5967] <... close resumed>) = 0 [pid 5966] <... close resumed>) = 0 [pid 5962] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5967] mkdir("\x2e\x02", 0777 [pid 5966] mkdir("\x2e\x02", 0777 [pid 5962] close(6 [pid 5017] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5967] <... mkdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5966] <... mkdir resumed>) = 0 [pid 5962] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5967] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5966] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5962] close(5 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... openat resumed>) = 4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 178.064089][ T5965] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] newfstatat(4, "", [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5019] getdents64(4, [pid 5017] newfstatat(4, "", [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, [pid 5017] getdents64(4, [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] close(4 [pid 5017] getdents64(4, [pid 5019] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02" [pid 5017] close(4 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5019] getdents64(3, [pid 5017] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02" [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5019] close(3 [pid 5017] getdents64(3, [pid 5019] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] rmdir("./158" [pid 5017] close(3 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5019] mkdir("./159", 0777 [pid 5017] rmdir("./153" [pid 5019] <... mkdir resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] mkdir("./154", 0777 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... mkdir resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5962] <... close resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... openat resumed>) = 3 [pid 5019] close(3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5019] <... close resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] close(3) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5968 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5962] exit_group(0) = ? [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5969 ./strace-static-x86_64: Process 5968 attached [pid 5968] set_robust_list(0x555557506760, 24 [pid 5965] <... mount resumed>) = 0 [pid 5962] +++ exited with 0 +++ [pid 5968] <... set_robust_list resumed>) = 0 [pid 5965] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5968] chdir("./159" [pid 5965] <... openat resumed>) = 3 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5968] <... chdir resumed>) = 0 [pid 5965] chdir("\x2e\x02" [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5965] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5969 attached [pid 5968] <... prctl resumed>) = 0 [pid 5965] ioctl(4, LOOP_CLR_FD [pid 5969] set_robust_list(0x555557506760, 24 [pid 5968] setpgid(0, 0 [pid 5965] <... ioctl resumed>) = 0 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5968] <... setpgid resumed>) = 0 [pid 5965] close(4 [pid 5969] chdir("./154" [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5965] <... close resumed>) = 0 [pid 5968] <... openat resumed>) = 3 [ 178.107458][ T5967] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 178.115789][ T5966] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 178.124093][ T5966] UDF-fs: Scanning with blocksize 512 failed [ 178.131523][ T5967] UDF-fs: Scanning with blocksize 512 failed [pid 5965] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5969] <... chdir resumed>) = 0 [pid 5968] write(3, "1000", 4 [pid 5965] <... open resumed>) = 4 [pid 5968] <... write resumed>) = 4 [pid 5965] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5968] close(3 [pid 5965] <... mount resumed>) = 0 [pid 5968] <... close resumed>) = 0 [pid 5965] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5968] memfd_create("syzkaller", 0 [pid 5014] umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5968] <... memfd_create resumed>) = 3 [pid 5965] <... open resumed>) = 5 [pid 5969] <... prctl resumed>) = 0 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5965] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] setpgid(0, 0 [pid 5968] <... mmap resumed>) = 0x7f3634699000 [pid 5965] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5969] <... setpgid resumed>) = 0 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5966] <... mount resumed>) = 0 [pid 5965] ftruncate(-1, 2 [pid 5014] openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5966] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5965] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5965] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... openat resumed>) = 3 [pid 5969] <... openat resumed>) = 3 [pid 5966] <... openat resumed>) = 3 [pid 5965] <... mmap resumed>) = 0x20000000 [pid 5014] newfstatat(3, "", [pid 5969] write(3, "1000", 4 [pid 5966] chdir("\x2e\x02" [pid 5965] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5969] <... write resumed>) = 4 [pid 5966] <... chdir resumed>) = 0 [pid 5965] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5969] close(3 [pid 5966] ioctl(4, LOOP_CLR_FD [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5014] getdents64(3, [pid 5969] <... close resumed>) = 0 [pid 5966] <... ioctl resumed>) = 0 [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5969] symlink("/dev/binderfs", "./binderfs" [pid 5966] close(4 [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5969] <... symlink resumed>) = 0 [pid 5966] <... close resumed>) = 0 [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5014] umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] memfd_create("syzkaller", 0 [pid 5966] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5965] memfd_create("syzkaller", 0 [pid 5969] <... memfd_create resumed>) = 3 [pid 5965] <... memfd_create resumed>) = 6 [pid 5014] <... umount2 resumed>) = 0 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5966] <... open resumed>) = 4 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("./152/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] <... mmap resumed>) = 0x7f3634699000 [pid 5968] <... write resumed>) = 1048576 [pid 5966] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5965] <... mmap resumed>) = 0x7f362c399000 [ 178.162001][ T5966] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.177065][ T5967] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5965] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5965] exit_group(0) = ? [pid 5966] <... mount resumed>) = 0 [pid 5965] +++ exited with 0 +++ [pid 5014] newfstatat(AT_FDCWD, "./152/bus", [pid 5966] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5966] <... open resumed>) = 5 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5966] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] unlink("./152/bus" [pid 5966] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5014] <... unlink resumed>) = 0 [pid 5966] ftruncate(-1, 2 [pid 5014] umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5966] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5967] <... mount resumed>) = 0 [pid 5966] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5967] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] <... mmap resumed>) = 0x20000000 [pid 5967] chdir("\x2e\x02" [pid 5966] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(AT_FDCWD, "./152/binderfs", [pid 5968] munmap(0x7f3634699000, 1048576 [pid 5967] <... chdir resumed>) = 0 [pid 5966] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] <... munmap resumed>) = 0 [pid 5967] ioctl(4, LOOP_CLR_FD [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5018] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5967] <... ioctl resumed>) = 0 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5018] <... openat resumed>) = 3 [pid 5014] unlink("./152/binderfs" [pid 5968] <... openat resumed>) = 4 [pid 5967] close(4 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5018] newfstatat(3, "", [pid 5968] ioctl(4, LOOP_SET_FD, 3 [pid 5967] <... close resumed>) = 0 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5969] <... write resumed>) = 1048576 [pid 5967] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] getdents64(3, [pid 5014] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5967] <... open resumed>) = 4 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5967] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5967] <... mount resumed>) = 0 [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", [pid 5967] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] newfstatat(AT_FDCWD, "./157/binderfs", [pid 5967] <... open resumed>) = 5 [pid 5966] memfd_create("syzkaller", 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5967] openat(AT_FDCWD, NULL, O_RDWR [pid 5966] <... memfd_create resumed>) = 6 [pid 5018] unlink("./157/binderfs" [pid 5014] umount2("\x2e\x2f\x31\x35\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5967] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5967] ftruncate(-1, 2 [pid 5018] <... unlink resumed>) = 0 [pid 5966] <... mmap resumed>) = 0x7f362c399000 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5967] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5018] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5967] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5967] <... mmap resumed>) = 0x20000000 [pid 5966] exit_group(0 [pid 5967] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5966] <... exit_group resumed>) = ? [pid 5018] <... umount2 resumed>) = 0 [pid 5014] <... openat resumed>) = 4 [pid 5967] <... open resumed>) = -1 EFAULT (Bad address) [pid 5968] <... ioctl resumed>) = 0 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5968] close(3 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5966] +++ exited with 0 +++ [pid 5018] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(4, "", [pid 5968] <... close resumed>) = 0 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5968] mkdir("\x2e\x02", 0777 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5969] munmap(0x7f3634699000, 1048576 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5968] <... mkdir resumed>) = 0 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5014] getdents64(4, [pid 5968] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5018] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... restart_syscall resumed>) = 0 [pid 5969] <... munmap resumed>) = 0 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5969] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... openat resumed>) = 4 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5014] getdents64(4, [pid 5969] ioctl(4, LOOP_SET_FD, 3 [pid 5967] memfd_create("syzkaller", 0 [pid 5018] <... openat resumed>) = 4 [pid 5016] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5967] <... memfd_create resumed>) = 6 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5967] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [ 178.242566][ T5968] loop5: detected capacity change from 0 to 2048 [ 178.280595][ T5968] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5967] exit_group(0) = ? [pid 5967] +++ exited with 0 +++ [pid 5018] newfstatat(4, "", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] close(4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5018] getdents64(4, [pid 5014] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5014] rmdir("\x2e\x2f\x31\x35\x32\x2f\x2e\x02" [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] newfstatat(3, "", [pid 5018] getdents64(4, [pid 5015] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... rmdir resumed>) = 0 [pid 5969] <... ioctl resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] getdents64(3, [pid 5969] close(3 [pid 5018] close(4 [pid 5016] getdents64(3, [pid 5015] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5014] close(3 [pid 5969] mkdir("\x2e\x02", 0777 [pid 5018] rmdir("\x2e\x2f\x31\x35\x37\x2f\x2e\x02" [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] newfstatat(3, "", [pid 5014] <... close resumed>) = 0 [pid 5969] <... mkdir resumed>) = 0 [pid 5016] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] rmdir("./152" [pid 5018] <... rmdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] getdents64(3, [pid 5015] getdents64(3, [pid 5014] mkdir("./153", 0777 [pid 5016] newfstatat(AT_FDCWD, "./153/binderfs", [pid 5969] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./153/binderfs" [pid 5014] <... mkdir resumed>) = 0 [pid 5018] close(3 [pid 5015] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... unlink resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] rmdir("./157" [pid 5016] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "./155/binderfs", [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] <... rmdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] mkdir("./158", 0777 [pid 5015] unlink("./155/binderfs" [pid 5014] <... openat resumed>) = 3 [pid 5018] <... mkdir resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5015] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] close(3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5014] <... close resumed>) = 0 [pid 5018] close(3) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 178.289041][ T5969] loop3: detected capacity change from 0 to 2048 [ 178.295213][ T5968] UDF-fs: Scanning with blocksize 512 failed [ 178.317829][ T5969] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 178.322609][ T5968] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] newfstatat(4, "", [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5015] getdents64(4, [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5971 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5970 ./strace-static-x86_64: Process 5970 attached [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02") = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./155") = 0 ./strace-static-x86_64: Process 5971 attached [pid 5971] set_robust_list(0x555557506760, 24 [pid 5015] mkdir("./156", 0777 [pid 5971] <... set_robust_list resumed>) = 0 [pid 5970] set_robust_list(0x555557506760, 24 [pid 5016] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5971] chdir("./158" [pid 5970] <... set_robust_list resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5971] <... chdir resumed>) = 0 [pid 5970] chdir("./153" [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... mkdir resumed>) = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5970] <... chdir resumed>) = 0 [pid 5971] <... prctl resumed>) = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... openat resumed>) = 4 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5971] setpgid(0, 0 [pid 5970] <... prctl resumed>) = 0 [pid 5016] newfstatat(4, "", [pid 5015] <... openat resumed>) = 3 [pid 5971] <... setpgid resumed>) = 0 [pid 5970] setpgid(0, 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5970] <... setpgid resumed>) = 0 [pid 5016] getdents64(4, [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5971] <... openat resumed>) = 3 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5971] write(3, "1000", 4 [pid 5970] <... openat resumed>) = 3 [pid 5016] getdents64(4, [pid 5015] close(3 [pid 5971] <... write resumed>) = 4 [pid 5970] write(3, "1000", 4 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] <... close resumed>) = 0 [pid 5971] close(3 [pid 5970] <... write resumed>) = 4 [pid 5016] close(4 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5971] <... close resumed>) = 0 [pid 5970] close(3 [pid 5016] <... close resumed>) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs" [pid 5970] <... close resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02" [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5972 [pid 5971] <... symlink resumed>) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs" [pid 5971] memfd_create("syzkaller", 0 [pid 5970] <... symlink resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5971] <... memfd_create resumed>) = 3 [pid 5970] memfd_create("syzkaller", 0 [pid 5968] <... mount resumed>) = 0 [pid 5016] getdents64(3, ./strace-static-x86_64: Process 5972 attached [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5970] <... memfd_create resumed>) = 3 [pid 5968] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5972] set_robust_list(0x555557506760, 24 [pid 5971] <... mmap resumed>) = 0x7f3634699000 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5968] <... openat resumed>) = 3 [pid 5016] close(3 [pid 5972] <... set_robust_list resumed>) = 0 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5970] <... mmap resumed>) = 0x7f3634699000 [pid 5969] <... mount resumed>) = 0 [pid 5968] chdir("\x2e\x02" [pid 5016] <... close resumed>) = 0 [pid 5972] chdir("./156" [pid 5968] <... chdir resumed>) = 0 [ 178.342320][ T5969] UDF-fs: Scanning with blocksize 512 failed [ 178.379292][ T5969] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5972] <... chdir resumed>) = 0 [pid 5968] ioctl(4, LOOP_CLR_FD [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5968] <... ioctl resumed>) = 0 [pid 5972] <... prctl resumed>) = 0 [pid 5968] close(4 [pid 5972] setpgid(0, 0 [pid 5968] <... close resumed>) = 0 [pid 5016] rmdir("./153" [pid 5972] <... setpgid resumed>) = 0 [pid 5968] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5969] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5968] <... open resumed>) = 4 [pid 5016] <... rmdir resumed>) = 0 [pid 5972] <... openat resumed>) = 3 [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5969] <... openat resumed>) = 3 [pid 5968] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] mkdir("./154", 0777 [pid 5972] write(3, "1000", 4 [pid 5969] chdir("\x2e\x02" [pid 5968] <... mount resumed>) = 0 [pid 5972] <... write resumed>) = 4 [pid 5969] <... chdir resumed>) = 0 [pid 5968] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... mkdir resumed>) = 0 [pid 5972] close(3 [pid 5969] ioctl(4, LOOP_CLR_FD [pid 5968] <... open resumed>) = 5 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5972] <... close resumed>) = 0 [pid 5969] <... ioctl resumed>) = 0 [pid 5968] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... openat resumed>) = 3 [pid 5972] symlink("/dev/binderfs", "./binderfs" [pid 5971] <... write resumed>) = 1048576 [pid 5969] close(4 [pid 5968] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5972] <... symlink resumed>) = 0 [pid 5969] <... close resumed>) = 0 [pid 5968] ftruncate(-1, 2 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5972] memfd_create("syzkaller", 0 [pid 5969] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5968] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] close(3 [pid 5972] <... memfd_create resumed>) = 3 [pid 5968] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5969] <... open resumed>) = 4 [pid 5968] <... mmap resumed>) = 0x20000000 [pid 5016] <... close resumed>) = 0 [pid 5972] <... mmap resumed>) = 0x7f3634699000 [pid 5969] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5968] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5971] munmap(0x7f3634699000, 1048576 [pid 5970] <... write resumed>) = 1048576 [pid 5969] <... mount resumed>) = 0 [pid 5968] <... open resumed>) = -1 EFAULT (Bad address) [pid 5971] <... munmap resumed>) = 0 [pid 5969] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5971] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5969] <... open resumed>) = 5 [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5973 [pid 5971] <... openat resumed>) = 4 [pid 5969] openat(AT_FDCWD, NULL, O_RDWR [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5971] ioctl(4, LOOP_SET_FD, 3 [pid 5969] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- ./strace-static-x86_64: Process 5973 attached [pid 5970] munmap(0x7f3634699000, 1048576 [pid 5969] ftruncate(-1, 2 [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5973] set_robust_list(0x555557506760, 24 [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5970] <... munmap resumed>) = 0 [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5969] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5973] <... set_robust_list resumed>) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5969] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5973] chdir("./154" [pid 5968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5973] <... chdir resumed>) = 0 [pid 5970] <... openat resumed>) = 4 [pid 5969] <... mmap resumed>) = 0x20000000 [pid 5968] memfd_create("syzkaller", 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5972] <... write resumed>) = 1048576 [pid 5970] ioctl(4, LOOP_SET_FD, 3 [pid 5969] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5968] <... memfd_create resumed>) = 6 [pid 5973] <... prctl resumed>) = 0 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5973] setpgid(0, 0 [pid 5969] <... open resumed>) = -1 EFAULT (Bad address) [pid 5973] <... setpgid resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4 [pid 5970] <... ioctl resumed>) = 0 [pid 5972] munmap(0x7f3634699000, 1048576 [pid 5973] <... write resumed>) = 4 [pid 5970] close(3 [pid 5973] close(3 [pid 5970] <... close resumed>) = 0 [pid 5972] <... munmap resumed>) = 0 [pid 5971] <... ioctl resumed>) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5971] close(3 [pid 5972] <... openat resumed>) = 4 [pid 5971] <... close resumed>) = 0 [pid 5972] ioctl(4, LOOP_SET_FD, 3 [ 178.463774][ T5971] loop4: detected capacity change from 0 to 2048 [ 178.480345][ T5970] loop0: detected capacity change from 0 to 2048 [ 178.482418][ T5968] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5971] mkdir("\x2e\x02", 0777 [pid 5973] <... close resumed>) = 0 [pid 5971] <... mkdir resumed>) = 0 [pid 5970] mkdir("\x2e\x02", 0777 [pid 5973] symlink("/dev/binderfs", "./binderfs" [pid 5971] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5973] <... symlink resumed>) = 0 [pid 5970] <... mkdir resumed>) = 0 [pid 5972] <... ioctl resumed>) = 0 [pid 5972] close(3) = 0 [pid 5972] mkdir("\x2e\x02", 0777) = 0 [pid 5973] memfd_create("syzkaller", 0 [pid 5972] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5973] <... memfd_create resumed>) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5970] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5973] <... mmap resumed>) = 0x7f3634699000 [ 178.509416][ T5972] loop1: detected capacity change from 0 to 2048 [ 178.529062][ T5971] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 178.548515][ T5971] UDF-fs: Scanning with blocksize 512 failed [pid 5973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5969] memfd_create("syzkaller", 0) = 6 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [ 178.561774][ T5970] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5973] <... write resumed>) = 1048576 [pid 5973] munmap(0x7f3634699000, 1048576) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [ 178.596083][ T5972] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 178.602146][ T5970] UDF-fs: Scanning with blocksize 512 failed [ 178.603740][ T5972] UDF-fs: Scanning with blocksize 512 failed [ 178.626149][ T5971] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.639809][ T5973] loop2: detected capacity change from 0 to 2048 [pid 5969] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2099208 [pid 5973] mkdir("\x2e\x02", 0777 [pid 5971] <... mount resumed>) = 0 [pid 5968] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2099208 [pid 5971] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("\x2e\x02") = 0 [pid 5971] ioctl(4, LOOP_CLR_FD) = 0 [pid 5971] close(4 [pid 5973] <... mkdir resumed>) = 0 [pid 5971] <... close resumed>) = 0 [pid 5971] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5971] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5971] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5971] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5971] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5971] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5971] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5973] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5971] memfd_create("syzkaller", 0) = 6 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5972] <... mount resumed>) = 0 [pid 5972] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("\x2e\x02") = 0 [pid 5972] ioctl(4, LOOP_CLR_FD) = 0 [pid 5972] close(4) = 0 [pid 5972] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5972] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5972] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5972] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5972] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5972] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5972] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [ 178.654670][ T5972] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 178.673130][ T5970] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 178.692518][ T5973] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 5972] memfd_create("syzkaller", 0) = 6 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5969] <... write resumed>) = 2099208 [pid 5969] munmap(0x7f362c399000, 2099208 [pid 5968] <... write resumed>) = 2099208 [pid 5969] <... munmap resumed>) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 7 [pid 5973] <... mount resumed>) = 0 [pid 5971] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5969] ioctl(7, LOOP_SET_FD, 6 [pid 5968] munmap(0x7f362c399000, 2099208 [pid 5973] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5969] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] <... openat resumed>) = 3 [pid 5969] ioctl(7, LOOP_CLR_FD [pid 5968] <... munmap resumed>) = 0 [pid 5973] chdir("\x2e\x02" [pid 5969] <... ioctl resumed>) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5973] <... chdir resumed>) = 0 [pid 5973] ioctl(4, LOOP_CLR_FD [pid 5968] <... openat resumed>) = 7 [pid 5973] <... ioctl resumed>) = 0 [pid 5968] ioctl(7, LOOP_SET_FD, 6 [pid 5973] close(4 [pid 5968] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] <... close resumed>) = 0 [ 178.736304][ T5973] UDF-fs: Scanning with blocksize 512 failed [ 178.737422][ T5970] UDF-fs: Scanning with blocksize 1024 failed [ 178.774022][ T5973] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5969] ioctl(7, LOOP_SET_FD, 6 [pid 5972] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5973] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5969] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5968] ioctl(7, LOOP_CLR_FD [pid 5973] <... open resumed>) = 4 [pid 5969] close(7 [pid 5968] <... ioctl resumed>) = 0 [pid 5973] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5969] <... close resumed>) = 0 [pid 5973] <... mount resumed>) = 0 [pid 5969] close(6 [pid 5973] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5968] ioctl(7, LOOP_SET_FD, 6 [pid 5973] <... open resumed>) = 5 [pid 5968] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5973] openat(AT_FDCWD, NULL, O_RDWR [pid 5968] close(7 [pid 5973] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5968] <... close resumed>) = 0 [pid 5973] ftruncate(-1, 2 [pid 5968] close(6 [pid 5973] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5971] <... write resumed>) = 2097152 [pid 5973] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5973] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5973] memfd_create("syzkaller", 0) = 6 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5969] <... close resumed>) = 0 [pid 5969] exit_group(0 [pid 5968] <... close resumed>) = 0 [pid 5969] <... exit_group resumed>) = ? [pid 5971] munmap(0x7f362c399000, 2097152 [pid 5968] exit_group(0 [pid 5971] <... munmap resumed>) = 0 [pid 5969] +++ exited with 0 +++ [pid 5968] <... exit_group resumed>) = ? [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5017] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5968] +++ exited with 0 +++ [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 178.848307][ T5970] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5017] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", [pid 5019] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(3, [pid 5971] <... openat resumed>) = 7 [pid 5019] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5971] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... openat resumed>) = 3 [pid 5017] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5971] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] newfstatat(3, "", [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5971] ioctl(7, LOOP_CLR_FD [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] newfstatat(AT_FDCWD, "./154/binderfs", [pid 5971] <... ioctl resumed>) = 0 [pid 5019] getdents64(3, [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] unlink("./154/binderfs" [pid 5019] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... unlink resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5972] <... write resumed>) = 2097152 [pid 5971] ioctl(7, LOOP_SET_FD, 6 [pid 5019] newfstatat(AT_FDCWD, "./159/binderfs", [pid 5017] <... umount2 resumed>) = 0 [pid 5972] munmap(0x7f362c399000, 2097152 [pid 5971] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5971] close(7 [pid 5019] unlink("./159/binderfs" [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5972] <... munmap resumed>) = 0 [pid 5971] <... close resumed>) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5971] close(6 [pid 5019] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5973] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5971] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 178.905298][ T5970] UDF-fs: Scanning with blocksize 2048 failed [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 5972] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5972] <... openat resumed>) = 7 [pid 5017] getdents64(4, [pid 5972] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5972] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] close(4 [pid 5972] ioctl(7, LOOP_CLR_FD [pid 5017] <... close resumed>) = 0 [pid 5972] <... ioctl resumed>) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02") = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5972] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... umount2 resumed>) = 0 [pid 5017] rmdir("./154" [pid 5972] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5972] close(7 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] mkdir("./155", 0777 [pid 5972] <... close resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 5017] <... mkdir resumed>) = 0 [pid 5972] close(6 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5971] exit_group(0 [pid 5019] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... openat resumed>) = 3 [pid 5971] <... exit_group resumed>) = ? [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5971] +++ exited with 0 +++ [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5970] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... openat resumed>) = 4 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5017] close(3 [pid 5970] ioctl(4, LOOP_CLR_FD [pid 5019] newfstatat(4, "", [pid 5017] <... close resumed>) = 0 [pid 5970] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] close(4 [pid 5019] getdents64(4, [pid 5018] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5974 [pid 5970] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] getdents64(4, [pid 5018] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5970] <... open resumed>) = 3 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5970] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] close(4 [pid 5018] newfstatat(3, "", [pid 5970] <... mount resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5970] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02"./strace-static-x86_64: Process 5974 attached [pid 5970] <... open resumed>) = 4 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, [pid 5974] set_robust_list(0x555557506760, 24 [pid 5970] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] getdents64(3, [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5974] <... set_robust_list resumed>) = 0 [pid 5970] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [ 178.946477][ T5970] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 178.959576][ T5970] UDF-fs: Scanning with blocksize 4096 failed [pid 5018] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5974] chdir("./155" [pid 5972] <... close resumed>) = 0 [pid 5970] ftruncate(-1, 2 [pid 5019] close(3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] <... chdir resumed>) = 0 [pid 5973] <... write resumed>) = 2097152 [pid 5970] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... close resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "./158/binderfs", [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5973] munmap(0x7f362c399000, 2097152 [pid 5970] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] rmdir("./159" [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5974] <... prctl resumed>) = 0 [pid 5972] exit_group(0 [pid 5970] <... mmap resumed>) = 0x20000000 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] unlink("./158/binderfs" [pid 5974] setpgid(0, 0 [pid 5972] <... exit_group resumed>) = ? [pid 5970] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] mkdir("./160", 0777 [pid 5974] <... setpgid resumed>) = 0 [pid 5972] +++ exited with 0 +++ [pid 5970] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... mkdir resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5974] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5018] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5974] write(3, "1000", 4 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 5974] <... write resumed>) = 4 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] <... restart_syscall resumed>) = 0 [pid 5974] close(3 [pid 5019] close(3 [pid 5974] <... close resumed>) = 0 [pid 5970] memfd_create("syzkaller", 0 [pid 5019] <... close resumed>) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs" [pid 5970] <... memfd_create resumed>) = 5 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5973] <... munmap resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5015] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5974] <... symlink resumed>) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] memfd_create("syzkaller", 0 [pid 5973] <... openat resumed>) = 7 [pid 5970] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5975 [pid 5018] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5975 attached [pid 5974] <... memfd_create resumed>) = 3 [pid 5973] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", [pid 5015] newfstatat(3, "", [pid 5974] <... mmap resumed>) = 0x7f3634699000 [pid 5973] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5975] set_robust_list(0x555557506760, 24 [pid 5974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5973] ioctl(7, LOOP_CLR_FD [pid 5018] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5975] <... set_robust_list resumed>) = 0 [pid 5973] <... ioctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5975] chdir("./160" [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5975] <... chdir resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] newfstatat(4, "", [pid 5015] newfstatat(AT_FDCWD, "./156/binderfs", [pid 5975] <... prctl resumed>) = 0 [pid 5973] ioctl(7, LOOP_SET_FD, 6 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5975] setpgid(0, 0 [pid 5973] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] getdents64(4, [pid 5015] unlink("./156/binderfs" [pid 5975] <... setpgid resumed>) = 0 [pid 5973] close(7 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... unlink resumed>) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5973] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5015] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5975] <... openat resumed>) = 3 [pid 5973] close(6 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5975] write(3, "1000", 4 [pid 5974] <... write resumed>) = 1048576 [pid 5018] close(4 [pid 5975] <... write resumed>) = 4 [pid 5018] <... close resumed>) = 0 [pid 5975] close(3 [pid 5018] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02" [pid 5975] <... close resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs" [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5975] <... symlink resumed>) = 0 [pid 5018] close(3 [pid 5975] memfd_create("syzkaller", 0 [pid 5018] <... close resumed>) = 0 [pid 5975] <... memfd_create resumed>) = 3 [pid 5018] rmdir("./158" [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5975] <... mmap resumed>) = 0x7f3634699000 [pid 5018] mkdir("./159", 0777) = 0 [pid 5974] munmap(0x7f3634699000, 1048576 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5974] <... munmap resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3 [pid 5974] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... close resumed>) = 0 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5974] <... openat resumed>) = 4 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5974] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5976 ./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x555557506760, 24 [pid 5973] <... close resumed>) = 0 [pid 5970] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] <... umount2 resumed>) = 0 [pid 5974] <... ioctl resumed>) = 0 [pid 5973] exit_group(0 [pid 5015] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] <... set_robust_list resumed>) = 0 [pid 5973] <... exit_group resumed>) = ? [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] chdir("./159") = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5973] +++ exited with 0 +++ [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] <... prctl resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5015] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] setpgid(0, 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... setpgid resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... openat resumed>) = 4 [pid 5976] <... openat resumed>) = 3 [pid 5015] newfstatat(4, "", [pid 5976] write(3, "1000", 4 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5976] <... write resumed>) = 4 [pid 5016] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(4, [pid 5976] close(3 [pid 5975] <... write resumed>) = 1048576 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5976] <... close resumed>) = 0 [pid 5975] munmap(0x7f3634699000, 1048576 [pid 5974] close(3 [pid 5016] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] getdents64(4, [pid 5976] symlink("/dev/binderfs", "./binderfs" [pid 5974] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5976] <... symlink resumed>) = 0 [pid 5975] <... munmap resumed>) = 0 [pid 5974] mkdir("\x2e\x02", 0777 [pid 5016] newfstatat(3, "", [pid 5015] close(4 [pid 5976] memfd_create("syzkaller", 0 [pid 5975] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5974] <... mkdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... close resumed>) = 0 [pid 5976] <... memfd_create resumed>) = 3 [pid 5975] <... openat resumed>) = 4 [pid 5974] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5016] getdents64(3, [pid 5015] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02" [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5975] ioctl(4, LOOP_SET_FD, 3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... rmdir resumed>) = 0 [pid 5976] <... mmap resumed>) = 0x7f3634699000 [pid 5015] getdents64(3, [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] close(3 [pid 5016] newfstatat(AT_FDCWD, "./154/binderfs", [pid 5015] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] rmdir("./156" [pid 5016] unlink("./154/binderfs" [pid 5015] <... rmdir resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5015] mkdir("./157", 0777 [pid 5016] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... mkdir resumed>) = 0 [pid 5976] <... write resumed>) = 1048576 [pid 5970] <... write resumed>) = 2097152 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5016] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5970] munmap(0x7f362c399000, 2097152 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] close(3 [pid 5016] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [ 179.096746][ T5974] loop3: detected capacity change from 0 to 2048 [ 179.131102][ T5974] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 179.131199][ T5975] loop5: detected capacity change from 0 to 2048 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] <... munmap resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5977 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5975] <... ioctl resumed>) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] getdents64(4, [pid 5975] close(3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5977 attached [pid 5975] <... close resumed>) = 0 [pid 5970] <... openat resumed>) = 6 [pid 5016] getdents64(4, [pid 5977] set_robust_list(0x555557506760, 24 [pid 5975] mkdir("\x2e\x02", 0777 [pid 5970] ioctl(6, LOOP_SET_FD, 5 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5016] close(4 [pid 5977] chdir("./157" [pid 5975] <... mkdir resumed>) = 0 [pid 5970] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... close resumed>) = 0 [pid 5977] <... chdir resumed>) = 0 [pid 5976] munmap(0x7f3634699000, 1048576 [pid 5975] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5970] ioctl(6, LOOP_CLR_FD [pid 5016] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02" [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5976] <... munmap resumed>) = 0 [pid 5970] <... ioctl resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5977] <... prctl resumed>) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] getdents64(3, [pid 5977] setpgid(0, 0 [pid 5976] <... openat resumed>) = 4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5977] <... setpgid resumed>) = 0 [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5016] close(3 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... close resumed>) = 0 [pid 5977] <... openat resumed>) = 3 [pid 5016] rmdir("./154" [pid 5977] write(3, "1000", 4 [pid 5016] <... rmdir resumed>) = 0 [pid 5977] <... write resumed>) = 4 [pid 5016] mkdir("./155", 0777 [pid 5977] close(3 [pid 5016] <... mkdir resumed>) = 0 [pid 5977] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... openat resumed>) = 3 [pid 5977] <... symlink resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5977] memfd_create("syzkaller", 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5977] <... memfd_create resumed>) = 3 [pid 5016] close(3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... close resumed>) = 0 [pid 5977] <... mmap resumed>) = 0x7f3634699000 [pid 5976] <... ioctl resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5976] close(3 [pid 5970] ioctl(6, LOOP_SET_FD, 5 [pid 5976] <... close resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5978 [pid 5976] mkdir("\x2e\x02", 0777 [pid 5970] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5976] <... mkdir resumed>) = 0 [pid 5970] close(6 [pid 5976] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5970] <... close resumed>) = 0 [ 179.187556][ T5974] UDF-fs: Scanning with blocksize 512 failed [ 179.199930][ T5975] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 179.204357][ T5976] loop4: detected capacity change from 0 to 2048 [ 179.215827][ T5975] UDF-fs: Scanning with blocksize 512 failed [pid 5970] close(5./strace-static-x86_64: Process 5978 attached [pid 5978] set_robust_list(0x555557506760, 24) = 0 [pid 5978] chdir("./155") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5970] <... close resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5970] exit_group(0 [pid 5978] <... openat resumed>) = 3 [pid 5970] <... exit_group resumed>) = ? [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] <... write resumed>) = 1048576 [pid 5977] munmap(0x7f3634699000, 1048576 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5977] <... munmap resumed>) = 0 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 179.242901][ T5975] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.245157][ T5974] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.261283][ T5976] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5977] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5978] <... mmap resumed>) = 0x7f3634699000 [pid 5977] <... openat resumed>) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5975] <... mount resumed>) = 0 [pid 5975] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("\x2e\x02") = 0 [pid 5975] ioctl(4, LOOP_CLR_FD) = 0 [pid 5975] close(4) = 0 [pid 5975] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5977] <... ioctl resumed>) = 0 [pid 5975] <... open resumed>) = 4 [pid 5975] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5977] close(3 [pid 5975] <... mount resumed>) = 0 [pid 5977] <... close resumed>) = 0 [pid 5975] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5977] mkdir("\x2e\x02", 0777 [pid 5975] <... open resumed>) = 5 [pid 5977] <... mkdir resumed>) = 0 [pid 5975] openat(AT_FDCWD, NULL, O_RDWR [pid 5974] <... mount resumed>) = 0 [pid 5977] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5975] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5974] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5978] <... write resumed>) = 1048576 [pid 5975] ftruncate(-1, 2 [pid 5974] <... openat resumed>) = 3 [pid 5975] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5974] chdir("\x2e\x02" [pid 5975] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5974] <... chdir resumed>) = 0 [ 179.289367][ T5976] UDF-fs: Scanning with blocksize 512 failed [ 179.298067][ T5977] loop1: detected capacity change from 0 to 2048 [ 179.323894][ T5976] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5974] ioctl(4, LOOP_CLR_FD [pid 5975] <... mmap resumed>) = 0x20000000 [pid 5974] <... ioctl resumed>) = 0 [pid 5974] close(4) = 0 [pid 5974] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5975] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5974] <... open resumed>) = 4 [pid 5970] +++ exited with 0 +++ [pid 5974] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5975] <... open resumed>) = -1 EFAULT (Bad address) [pid 5974] <... mount resumed>) = 0 [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5974] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5974] <... open resumed>) = 5 [pid 5974] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5974] ftruncate(-1, 2 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5974] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5974] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5974] <... mmap resumed>) = 0x20000000 [pid 5974] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5978] munmap(0x7f3634699000, 1048576 [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5978] <... munmap resumed>) = 0 [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5014] umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5978] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5978] <... openat resumed>) = 4 [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5978] ioctl(4, LOOP_SET_FD, 3 [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5014] openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5014] <... openat resumed>) = 3 [pid 5975] memfd_create("syzkaller", 0 [pid 5974] memfd_create("syzkaller", 0 [pid 5976] <... mount resumed>) = 0 [pid 5975] <... memfd_create resumed>) = 6 [pid 5974] <... memfd_create resumed>) = 6 [pid 5014] newfstatat(3, "", [pid 5976] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5976] <... openat resumed>) = 3 [pid 5974] <... mmap resumed>) = 0x7f362c399000 [pid 5976] chdir("\x2e\x02" [pid 5974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5976] <... chdir resumed>) = 0 [pid 5974] exit_group(0 [pid 5976] ioctl(4, LOOP_CLR_FD [pid 5974] <... exit_group resumed>) = ? [pid 5976] <... ioctl resumed>) = 0 [pid 5974] +++ exited with 0 +++ [pid 5976] close(4 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5976] <... close resumed>) = 0 [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5976] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5976] <... open resumed>) = 4 [pid 5975] <... mmap resumed>) = 0x7f362c399000 [pid 5976] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5014] getdents64(3, [pid 5976] <... mount resumed>) = 0 [pid 5017] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5975] exit_group(0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5976] <... open resumed>) = 5 [pid 5975] <... exit_group resumed>) = ? [pid 5017] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] <... openat resumed>) = 3 [pid 5978] <... ioctl resumed>) = 0 [pid 5976] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] newfstatat(3, "", [pid 5978] close(3 [pid 5976] ftruncate(-1, 2 [pid 5975] +++ exited with 0 +++ [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5978] <... close resumed>) = 0 [pid 5976] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] getdents64(3, [pid 5014] <... umount2 resumed>) = 0 [pid 5978] mkdir("\x2e\x02", 0777 [ 179.337337][ T5977] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 179.359359][ T5978] loop2: detected capacity change from 0 to 2048 [ 179.369017][ T5977] UDF-fs: Scanning with blocksize 512 failed [pid 5976] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5978] <... mkdir resumed>) = 0 [pid 5976] <... mmap resumed>) = 0x20000000 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./153/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5978] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5976] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] newfstatat(AT_FDCWD, "./155/binderfs", [pid 5014] newfstatat(AT_FDCWD, "./153/bus", [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] unlink("./155/binderfs" [pid 5014] unlink("./153/bus" [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... unlink resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5019] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5019] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5019] newfstatat(3, "", [pid 5017] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(AT_FDCWD, "./153/binderfs", [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5019] getdents64(3, [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", [pid 5014] unlink("./153/binderfs" [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0 [pid 5019] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] <... memfd_create resumed>) = 6 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] newfstatat(AT_FDCWD, "./160/binderfs", [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", [pid 5976] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5019] unlink("./160/binderfs" [pid 5017] newfstatat(4, "", [pid 5014] umount2("\x2e\x2f\x31\x35\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] exit_group(0 [pid 5019] <... unlink resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] <... exit_group resumed>) = ? [pid 5019] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5976] +++ exited with 0 +++ [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... openat resumed>) = 4 [pid 5019] <... umount2 resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5017] getdents64(4, [pid 5014] newfstatat(4, "", [pid 5019] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] close(4 [pid 5014] getdents64(4, [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", [pid 5018] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... close resumed>) = 0 [ 179.392344][ T5978] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 179.428081][ T5978] UDF-fs: Scanning with blocksize 512 failed [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02" [pid 5014] getdents64(4, [pid 5019] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... rmdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 3 [pid 5017] getdents64(3, [pid 5014] close(4 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] newfstatat(3, "", [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... close resumed>) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] close(3 [pid 5014] rmdir("\x2e\x2f\x31\x35\x33\x2f\x2e\x02" [pid 5019] newfstatat(4, "", [pid 5018] getdents64(3, [pid 5017] <... close resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] rmdir("./155" [pid 5014] getdents64(3, [pid 5019] getdents64(4, [pid 5018] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] mkdir("./156", 0777 [pid 5014] close(3 [pid 5019] getdents64(4, [pid 5018] newfstatat(AT_FDCWD, "./159/binderfs", [pid 5017] <... mkdir resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] rmdir("./153" [pid 5019] close(4 [pid 5018] unlink("./159/binderfs" [pid 5017] <... openat resumed>) = 3 [pid 5014] <... rmdir resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5014] mkdir("./154", 0777 [pid 5019] rmdir("\x2e\x2f\x31\x36\x30\x2f\x2e\x02" [pid 5018] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... mkdir resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] close(3 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] getdents64(3, [pid 5017] <... close resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5019] close(3 [pid 5018] <... umount2 resumed>) = 0 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5977] <... mount resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5979 [pid 5014] close(3 [pid 5977] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] rmdir("./160" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... close resumed>) = 0 [pid 5977] <... openat resumed>) = 3 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5977] chdir("\x2e\x02" [ 179.437145][ T5977] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] mkdir("./161", 0777 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5977] <... chdir resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5980 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5977] ioctl(4, LOOP_CLR_FD [pid 5019] <... openat resumed>) = 3 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5979 attached [pid 5977] <... ioctl resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] <... openat resumed>) = 4 [pid 5979] set_robust_list(0x555557506760, 24 [pid 5977] close(4 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] newfstatat(4, "", [pid 5979] <... set_robust_list resumed>) = 0 [pid 5019] close(3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5979] chdir("./156" [pid 5977] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5979] <... chdir resumed>) = 0 [pid 5977] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5977] <... open resumed>) = 4 [pid 5018] getdents64(4, ./strace-static-x86_64: Process 5980 attached [pid 5979] <... prctl resumed>) = 0 [pid 5977] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5981 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5979] setpgid(0, 0 [pid 5977] <... mount resumed>) = 0 [pid 5018] close(4 [pid 5979] <... setpgid resumed>) = 0 [pid 5977] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... close resumed>) = 0 ./strace-static-x86_64: Process 5981 attached [pid 5980] set_robust_list(0x555557506760, 24 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] <... open resumed>) = 5 [pid 5018] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02" [pid 5981] set_robust_list(0x555557506760, 24 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5979] <... openat resumed>) = 3 [pid 5977] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... rmdir resumed>) = 0 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5979] write(3, "1000", 4 [pid 5977] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] getdents64(3, [pid 5981] chdir("./161" [pid 5980] chdir("./154" [pid 5979] <... write resumed>) = 4 [pid 5977] ftruncate(-1, 2 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5979] close(3 [pid 5980] <... chdir resumed>) = 0 [pid 5977] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] close(3 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5979] <... close resumed>) = 0 [pid 5977] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... close resumed>) = 0 [pid 5981] <... prctl resumed>) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs" [pid 5018] rmdir("./159" [pid 5981] setpgid(0, 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5979] <... symlink resumed>) = 0 [pid 5977] <... mmap resumed>) = 0x20000000 [pid 5018] <... rmdir resumed>) = 0 [pid 5981] <... setpgid resumed>) = 0 [pid 5980] <... prctl resumed>) = 0 [pid 5979] memfd_create("syzkaller", 0 [pid 5977] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] mkdir("./160", 0777 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5980] setpgid(0, 0 [pid 5979] <... memfd_create resumed>) = 3 [pid 5977] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... mkdir resumed>) = 0 [pid 5981] <... openat resumed>) = 3 [pid 5980] <... setpgid resumed>) = 0 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] <... mount resumed>) = 0 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5981] write(3, "1000", 4 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5979] <... mmap resumed>) = 0x7f3634699000 [pid 5978] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5018] <... openat resumed>) = 3 [pid 5981] <... write resumed>) = 4 [pid 5980] <... openat resumed>) = 3 [pid 5979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5978] <... openat resumed>) = 3 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5981] close(3 [pid 5980] write(3, "1000", 4 [pid 5978] chdir("\x2e\x02" [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5981] <... close resumed>) = 0 [pid 5978] <... chdir resumed>) = 0 [pid 5018] close(3 [pid 5980] <... write resumed>) = 4 [pid 5981] symlink("/dev/binderfs", "./binderfs" [pid 5980] close(3 [pid 5978] ioctl(4, LOOP_CLR_FD [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5018] <... close resumed>) = 0 [pid 5981] <... symlink resumed>) = 0 [pid 5978] <... ioctl resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5981] memfd_create("syzkaller", 0 [pid 5980] <... close resumed>) = 0 [pid 5978] close(4 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5981] <... memfd_create resumed>) = 3 [pid 5980] symlink("/dev/binderfs", "./binderfs" [pid 5978] <... close resumed>) = 0 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5982 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5980] <... symlink resumed>) = 0 [pid 5981] <... mmap resumed>) = 0x7f3634699000 [ 179.469215][ T5978] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5979] <... write resumed>) = 1048576 [pid 5978] <... open resumed>) = 4 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- ./strace-static-x86_64: Process 5982 attached [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] memfd_create("syzkaller", 0 [pid 5978] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5982] set_robust_list(0x555557506760, 24 [pid 5980] <... memfd_create resumed>) = 3 [pid 5978] <... mount resumed>) = 0 [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5982] <... set_robust_list resumed>) = 0 [pid 5978] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5977] memfd_create("syzkaller", 0 [pid 5982] chdir("./160" [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] <... open resumed>) = 5 [pid 5977] <... memfd_create resumed>) = 6 [pid 5982] <... chdir resumed>) = 0 [pid 5980] <... mmap resumed>) = 0x7f3634699000 [pid 5978] openat(AT_FDCWD, NULL, O_RDWR [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5978] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5982] <... prctl resumed>) = 0 [pid 5978] ftruncate(-1, 2 [pid 5982] setpgid(0, 0 [pid 5979] munmap(0x7f3634699000, 1048576 [pid 5978] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5982] <... setpgid resumed>) = 0 [pid 5978] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5979] <... munmap resumed>) = 0 [pid 5978] <... mmap resumed>) = 0x20000000 [pid 5982] <... openat resumed>) = 3 [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5978] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5982] write(3, "1000", 4 [pid 5980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5979] <... openat resumed>) = 4 [pid 5978] <... open resumed>) = -1 EFAULT (Bad address) [pid 5977] <... mmap resumed>) = 0x7f362c399000 [pid 5982] <... write resumed>) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5982] close(3 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5982] <... close resumed>) = 0 [pid 5981] <... write resumed>) = 1048576 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5982] symlink("/dev/binderfs", "./binderfs" [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5977] exit_group(0 [pid 5982] <... symlink resumed>) = 0 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5977] <... exit_group resumed>) = ? [pid 5982] memfd_create("syzkaller", 0 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5982] <... memfd_create resumed>) = 3 [pid 5981] munmap(0x7f3634699000, 1048576 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5981] <... munmap resumed>) = 0 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5977] +++ exited with 0 +++ [pid 5982] <... mmap resumed>) = 0x7f3634699000 [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5981] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5978] memfd_create("syzkaller", 0 [pid 5982] <... write resumed>) = 1048576 [pid 5981] <... openat resumed>) = 4 [pid 5980] <... write resumed>) = 1048576 [pid 5978] <... memfd_create resumed>) = 6 [pid 5981] ioctl(4, LOOP_SET_FD, 3 [pid 5980] munmap(0x7f3634699000, 1048576 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5980] <... munmap resumed>) = 0 [pid 5978] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5015] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5978] exit_group(0 [pid 5015] <... openat resumed>) = 3 [pid 5980] <... openat resumed>) = 4 [pid 5979] <... ioctl resumed>) = 0 [pid 5978] <... exit_group resumed>) = ? [pid 5015] newfstatat(3, "", [pid 5980] ioctl(4, LOOP_SET_FD, 3 [pid 5979] close(3 [pid 5978] +++ exited with 0 +++ [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5979] <... close resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 179.551900][ T5979] loop3: detected capacity change from 0 to 2048 [ 179.584861][ T5981] loop5: detected capacity change from 0 to 2048 [pid 5015] getdents64(3, [pid 5979] mkdir("\x2e\x02", 0777 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5979] <... mkdir resumed>) = 0 [pid 5016] <... restart_syscall resumed>) = 0 [pid 5015] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5979] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./157/binderfs", [pid 5016] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] unlink("./157/binderfs" [pid 5016] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... unlink resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5981] <... ioctl resumed>) = 0 [pid 5016] getdents64(3, [pid 5981] close(3 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5981] <... close resumed>) = 0 [pid 5016] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5981] mkdir("\x2e\x02", 0777 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5981] <... mkdir resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./155/binderfs", [pid 5982] munmap(0x7f3634699000, 1048576 [pid 5981] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5982] <... munmap resumed>) = 0 [pid 5016] unlink("./155/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 179.598663][ T5980] loop0: detected capacity change from 0 to 2048 [ 179.605025][ T5979] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 179.605047][ T5979] UDF-fs: Scanning with blocksize 512 failed [ 179.613793][ T5979] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.644617][ T5981] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5982] <... openat resumed>) = 4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... openat resumed>) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5016] newfstatat(4, "", [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02") = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3) = 0 [pid 5016] rmdir("./155") = 0 [pid 5016] mkdir("./156", 0777 [pid 5982] <... ioctl resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... openat resumed>) = 4 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5983 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 ./strace-static-x86_64: Process 5983 attached [pid 5015] rmdir("\x2e\x2f\x31\x35\x37\x2f\x2e\x02" [pid 5983] set_robust_list(0x555557506760, 24 [pid 5982] close(3 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5982] <... close resumed>) = 0 [ 179.666905][ T5981] UDF-fs: Scanning with blocksize 512 failed [ 179.675276][ T5982] loop4: detected capacity change from 0 to 2048 [pid 5015] <... rmdir resumed>) = 0 [pid 5983] chdir("./156" [pid 5982] mkdir("\x2e\x02", 0777 [pid 5983] <... chdir resumed>) = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5982] <... mkdir resumed>) = 0 [pid 5980] <... ioctl resumed>) = 0 [pid 5015] getdents64(3, [pid 5983] <... prctl resumed>) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5982] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5980] close(3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5983] <... openat resumed>) = 3 [pid 5983] write(3, "1000", 4 [pid 5015] close(3 [pid 5983] <... write resumed>) = 4 [pid 5980] <... close resumed>) = 0 [pid 5979] <... mount resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 5983] close(3 [pid 5979] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5983] <... close resumed>) = 0 [pid 5979] <... openat resumed>) = 3 [pid 5983] symlink("/dev/binderfs", "./binderfs" [pid 5979] chdir("\x2e\x02" [pid 5015] rmdir("./157" [pid 5983] <... symlink resumed>) = 0 [pid 5980] mkdir("\x2e\x02", 0777 [pid 5979] <... chdir resumed>) = 0 [pid 5983] memfd_create("syzkaller", 0 [pid 5979] ioctl(4, LOOP_CLR_FD [pid 5015] <... rmdir resumed>) = 0 [pid 5983] <... memfd_create resumed>) = 3 [pid 5980] <... mkdir resumed>) = 0 [pid 5979] <... ioctl resumed>) = 0 [pid 5015] mkdir("./158", 0777 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5979] close(4 [pid 5983] <... mmap resumed>) = 0x7f3634699000 [pid 5979] <... close resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5979] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5979] <... open resumed>) = 4 [pid 5979] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] <... openat resumed>) = 3 [pid 5979] <... mount resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5979] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5979] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] close(3 [pid 5979] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] <... close resumed>) = 0 [pid 5979] ftruncate(-1, 2 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5979] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [ 179.711508][ T5981] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.743430][ T5982] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5979] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5981] <... mount resumed>) = 0 [pid 5979] <... mmap resumed>) = 0x20000000 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5984 [pid 5981] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5979] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5983] <... write resumed>) = 1048576 [pid 5981] <... openat resumed>) = 3 [pid 5979] <... open resumed>) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5984 attached [pid 5981] chdir("\x2e\x02" [pid 5979] memfd_create("syzkaller", 0 [pid 5984] set_robust_list(0x555557506760, 24 [pid 5981] <... chdir resumed>) = 0 [pid 5979] <... memfd_create resumed>) = 6 [pid 5984] <... set_robust_list resumed>) = 0 [pid 5981] ioctl(4, LOOP_CLR_FD [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5984] chdir("./158" [pid 5981] <... ioctl resumed>) = 0 [pid 5979] <... mmap resumed>) = 0x7f362c399000 [pid 5984] <... chdir resumed>) = 0 [pid 5981] close(4 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5981] <... close resumed>) = 0 [pid 5984] <... prctl resumed>) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5984] setpgid(0, 0 [pid 5981] <... open resumed>) = 4 [pid 5984] <... setpgid resumed>) = 0 [pid 5981] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5981] <... mount resumed>) = 0 [pid 5984] <... openat resumed>) = 3 [pid 5981] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5984] write(3, "1000", 4 [pid 5981] <... open resumed>) = 5 [pid 5984] <... write resumed>) = 4 [pid 5981] openat(AT_FDCWD, NULL, O_RDWR [pid 5984] close(3 [pid 5983] munmap(0x7f3634699000, 1048576 [pid 5981] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5984] <... close resumed>) = 0 [pid 5983] <... munmap resumed>) = 0 [pid 5981] ftruncate(-1, 2 [pid 5984] symlink("/dev/binderfs", "./binderfs" [pid 5981] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5984] <... symlink resumed>) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 179.792436][ T5980] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 179.811642][ T5982] UDF-fs: Scanning with blocksize 512 failed [pid 5981] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5984] memfd_create("syzkaller", 0 [pid 5983] <... openat resumed>) = 4 [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5984] <... memfd_create resumed>) = 3 [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5981] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5981] <... open resumed>) = -1 EFAULT (Bad address) [pid 5984] <... mmap resumed>) = 0x7f3634699000 [pid 5981] memfd_create("syzkaller", 0 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5981] <... memfd_create resumed>) = 6 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5983] <... ioctl resumed>) = 0 [pid 5983] close(3) = 0 [pid 5983] mkdir("\x2e\x02", 0777) = 0 [ 179.836673][ T5980] UDF-fs: Scanning with blocksize 512 failed [ 179.849482][ T5983] loop2: detected capacity change from 0 to 2048 [ 179.870301][ T5982] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5983] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5984] <... write resumed>) = 1048576 [pid 5982] <... mount resumed>) = 0 [pid 5982] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5984] munmap(0x7f3634699000, 1048576 [pid 5982] <... openat resumed>) = 3 [pid 5982] chdir("\x2e\x02" [pid 5979] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5984] <... munmap resumed>) = 0 [pid 5982] <... chdir resumed>) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5982] ioctl(4, LOOP_CLR_FD [pid 5984] <... openat resumed>) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5982] <... ioctl resumed>) = 0 [pid 5982] close(4) = 0 [pid 5982] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5982] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5982] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5981] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5982] <... open resumed>) = 5 [pid 5982] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5982] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [ 179.934011][ T5983] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 179.965972][ T5984] loop1: detected capacity change from 0 to 2048 [pid 5982] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5982] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5979] <... write resumed>) = 2097152 [pid 5984] <... ioctl resumed>) = 0 [pid 5982] <... open resumed>) = -1 EFAULT (Bad address) [pid 5984] close(3) = 0 [pid 5984] mkdir("\x2e\x02", 0777) = 0 [pid 5982] memfd_create("syzkaller", 0 [pid 5984] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5982] <... memfd_create resumed>) = 6 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [ 179.987493][ T5983] UDF-fs: Scanning with blocksize 512 failed [ 180.023312][ T5984] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5979] munmap(0x7f362c399000, 2097152) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5981] <... write resumed>) = 2097152 [pid 5979] <... openat resumed>) = 7 [pid 5979] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5979] ioctl(7, LOOP_CLR_FD) = 0 [pid 5981] munmap(0x7f362c399000, 2097152 [pid 5979] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5979] close(7 [pid 5981] <... munmap resumed>) = 0 [pid 5979] <... close resumed>) = 0 [ 180.051660][ T5983] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.063213][ T5980] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 180.084676][ T5984] UDF-fs: Scanning with blocksize 512 failed [pid 5979] close(6 [pid 5981] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5981] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5983] <... mount resumed>) = 0 [pid 5981] ioctl(7, LOOP_CLR_FD [pid 5983] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5981] <... ioctl resumed>) = 0 [pid 5983] <... openat resumed>) = 3 [pid 5983] chdir("\x2e\x02") = 0 [pid 5983] ioctl(4, LOOP_CLR_FD) = 0 [pid 5981] ioctl(7, LOOP_SET_FD, 6 [pid 5979] <... close resumed>) = 0 [pid 5983] close(4 [pid 5981] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5983] <... close resumed>) = 0 [pid 5981] close(7 [pid 5983] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5981] <... close resumed>) = 0 [pid 5983] <... open resumed>) = 4 [pid 5981] close(6 [pid 5983] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5979] exit_group(0 [pid 5983] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5979] <... exit_group resumed>) = ? [pid 5983] <... open resumed>) = 5 [pid 5979] +++ exited with 0 +++ [pid 5983] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5982] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5983] ftruncate(-1, 2 [pid 5017] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 180.099050][ T5984] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.137554][ T5980] UDF-fs: Scanning with blocksize 1024 failed [pid 5983] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5983] <... mmap resumed>) = 0x20000000 [pid 5017] <... openat resumed>) = 3 [pid 5983] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5981] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5983] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5983] memfd_create("syzkaller", 0 [pid 5017] getdents64(3, [pid 5983] <... memfd_create resumed>) = 6 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5984] <... mount resumed>) = 0 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] <... mmap resumed>) = 0x7f362c399000 [pid 5981] exit_group(0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5981] <... exit_group resumed>) = ? [pid 5017] newfstatat(AT_FDCWD, "./156/binderfs", [pid 5984] <... openat resumed>) = 3 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5984] chdir("\x2e\x02" [pid 5981] +++ exited with 0 +++ [pid 5017] unlink("./156/binderfs" [pid 5984] <... chdir resumed>) = 0 [pid 5982] <... write resumed>) = 2097152 [pid 5017] <... unlink resumed>) = 0 [pid 5984] ioctl(4, LOOP_CLR_FD [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5017] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] <... ioctl resumed>) = 0 [pid 5019] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] close(4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = 0 [pid 5984] <... close resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... open resumed>) = 4 [pid 5019] newfstatat(3, "", [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", [pid 5984] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5984] <... mount resumed>) = 0 [pid 5019] getdents64(3, [pid 5017] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5982] munmap(0x7f362c399000, 2097152 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... open resumed>) = 5 [ 180.165099][ T5980] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 180.181277][ T5980] UDF-fs: Scanning with blocksize 2048 failed [pid 5019] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5984] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5984] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] newfstatat(AT_FDCWD, "./161/binderfs", [pid 5017] <... openat resumed>) = 4 [pid 5984] ftruncate(-1, 2 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] newfstatat(4, "", [pid 5984] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] unlink("./161/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5984] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] getdents64(4, [pid 5984] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5984] memfd_create("syzkaller", 0 [pid 5982] <... munmap resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5984] <... memfd_create resumed>) = 6 [pid 5982] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] close(4 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5982] <... openat resumed>) = 7 [pid 5980] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... close resumed>) = 0 [pid 5984] <... mmap resumed>) = 0x7f362c399000 [pid 5982] ioctl(7, LOOP_SET_FD, 6 [pid 5980] ioctl(4, LOOP_CLR_FD [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", [pid 5017] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02" [pid 5982] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5982] ioctl(7, LOOP_CLR_FD [pid 5980] close(4 [pid 5019] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5982] <... ioctl resumed>) = 0 [pid 5980] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(3, [pid 5980] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5980] <... open resumed>) = 3 [pid 5980] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... openat resumed>) = 4 [pid 5017] close(3 [pid 5982] ioctl(7, LOOP_SET_FD, 6 [pid 5980] <... mount resumed>) = 0 [pid 5982] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] newfstatat(4, "", [pid 5982] close(7 [pid 5980] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... close resumed>) = 0 [pid 5982] <... close resumed>) = 0 [pid 5980] <... open resumed>) = 4 [pid 5019] getdents64(4, [pid 5017] rmdir("./156" [pid 5982] close(6 [pid 5980] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... rmdir resumed>) = 0 [pid 5980] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] getdents64(4, [pid 5017] mkdir("./157", 0777 [pid 5980] ftruncate(-1, 2 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5980] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] close(4 [pid 5017] <... mkdir resumed>) = 0 [pid 5980] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] <... close resumed>) = 0 [ 180.229005][ T5980] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 180.249910][ T5980] UDF-fs: Scanning with blocksize 4096 failed [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5980] <... mmap resumed>) = 0x20000000 [pid 5019] rmdir("\x2e\x2f\x31\x36\x31\x2f\x2e\x02" [pid 5017] <... openat resumed>) = 3 [pid 5980] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5980] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] getdents64(3, [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5982] <... close resumed>) = 0 [pid 5980] memfd_create("syzkaller", 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3 [pid 5980] <... memfd_create resumed>) = 5 [pid 5019] close(3 [pid 5017] <... close resumed>) = 0 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... close resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5980] <... mmap resumed>) = 0x7f362c399000 [pid 5019] rmdir("./161") = 0 [pid 5019] mkdir("./162", 0777 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5985 [pid 5019] <... mkdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5986 [pid 5982] exit_group(0) = ? ./strace-static-x86_64: Process 5985 attached ./strace-static-x86_64: Process 5986 attached [pid 5985] set_robust_list(0x555557506760, 24 [pid 5982] +++ exited with 0 +++ [pid 5986] set_robust_list(0x555557506760, 24 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5986] <... set_robust_list resumed>) = 0 [pid 5985] chdir("./157" [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5986] chdir("./162" [pid 5985] <... chdir resumed>) = 0 [pid 5983] <... write resumed>) = 2097152 [pid 5018] <... restart_syscall resumed>) = 0 [pid 5986] <... chdir resumed>) = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5984] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5983] munmap(0x7f362c399000, 2097152 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5985] <... prctl resumed>) = 0 [pid 5986] <... prctl resumed>) = 0 [pid 5985] setpgid(0, 0 [pid 5983] <... munmap resumed>) = 0 [pid 5018] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] setpgid(0, 0 [pid 5985] <... setpgid resumed>) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... setpgid resumed>) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5983] <... openat resumed>) = 7 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5985] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 3 [pid 5983] ioctl(7, LOOP_SET_FD, 6 [pid 5986] <... openat resumed>) = 3 [pid 5985] write(3, "1000", 4 [pid 5983] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] newfstatat(3, "", [pid 5986] write(3, "1000", 4 [pid 5985] <... write resumed>) = 4 [pid 5983] ioctl(7, LOOP_CLR_FD [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5986] <... write resumed>) = 4 [pid 5985] close(3 [pid 5983] <... ioctl resumed>) = 0 [pid 5018] getdents64(3, [pid 5986] close(3 [pid 5985] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5986] <... close resumed>) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs" [pid 5018] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] symlink("/dev/binderfs", "./binderfs" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... symlink resumed>) = 0 [pid 5985] <... symlink resumed>) = 0 [pid 5983] ioctl(7, LOOP_SET_FD, 6 [pid 5018] newfstatat(AT_FDCWD, "./160/binderfs", [pid 5986] memfd_create("syzkaller", 0 [pid 5985] memfd_create("syzkaller", 0 [pid 5983] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5986] <... memfd_create resumed>) = 3 [pid 5985] <... memfd_create resumed>) = 3 [pid 5983] close(7 [pid 5018] unlink("./160/binderfs" [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5984] <... write resumed>) = 2097152 [pid 5983] <... close resumed>) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5986] <... mmap resumed>) = 0x7f3634699000 [pid 5980] <... write resumed>) = 2097152 [pid 5018] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5985] <... mmap resumed>) = 0x7f3634699000 [pid 5984] munmap(0x7f362c399000, 2097152 [pid 5983] close(6 [pid 5980] munmap(0x7f362c399000, 2097152 [pid 5018] <... umount2 resumed>) = 0 [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5984] <... munmap resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x30\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5018] rmdir("./160") = 0 [pid 5018] mkdir("./161", 0777 [pid 5984] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5980] <... munmap resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5984] <... openat resumed>) = 7 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5985] <... write resumed>) = 1048576 [pid 5984] ioctl(7, LOOP_SET_FD, 6 [pid 5980] <... openat resumed>) = 6 [pid 5018] <... openat resumed>) = 3 [pid 5984] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] ioctl(6, LOOP_SET_FD, 5 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5986] <... write resumed>) = 1048576 [pid 5984] ioctl(7, LOOP_CLR_FD [pid 5983] <... close resumed>) = 0 [pid 5980] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5985] munmap(0x7f3634699000, 1048576 [pid 5984] <... ioctl resumed>) = 0 [pid 5983] exit_group(0 [pid 5980] ioctl(6, LOOP_CLR_FD [pid 5018] close(3 [pid 5983] <... exit_group resumed>) = ? [pid 5980] <... ioctl resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5986] munmap(0x7f3634699000, 1048576 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5986] <... munmap resumed>) = 0 [pid 5983] +++ exited with 0 +++ [pid 5984] ioctl(7, LOOP_SET_FD, 6 [pid 5980] ioctl(6, LOOP_SET_FD, 5 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5987 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5986] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5984] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5980] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5986] <... openat resumed>) = 4 [pid 5984] close(7 [pid 5980] close(6./strace-static-x86_64: Process 5987 attached [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5984] <... close resumed>) = 0 [pid 5980] <... close resumed>) = 0 [pid 5016] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5987] set_robust_list(0x555557506760, 24 [pid 5985] <... munmap resumed>) = 0 [pid 5984] close(6 [pid 5980] close(5 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5987] <... set_robust_list resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5987] chdir("./161" [pid 5016] <... openat resumed>) = 3 [pid 5987] <... chdir resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5987] <... prctl resumed>) = 0 [pid 5016] getdents64(3, [pid 5987] setpgid(0, 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5987] <... setpgid resumed>) = 0 [pid 5016] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5987] <... openat resumed>) = 3 [pid 5016] newfstatat(AT_FDCWD, "./156/binderfs", [pid 5987] write(3, "1000", 4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5987] <... write resumed>) = 4 [pid 5016] unlink("./156/binderfs" [pid 5987] close(3 [pid 5016] <... unlink resumed>) = 0 [pid 5987] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5985] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5987] <... mmap resumed>) = 0x7f3634699000 [pid 5985] <... openat resumed>) = 4 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5985] ioctl(4, LOOP_SET_FD, 3 [pid 5984] <... close resumed>) = 0 [pid 5986] <... ioctl resumed>) = 0 [pid 5986] close(3) = 0 [pid 5986] mkdir("\x2e\x02", 0777) = 0 [pid 5986] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5985] <... ioctl resumed>) = 0 [pid 5985] close(3 [pid 5980] <... close resumed>) = 0 [pid 5985] <... close resumed>) = 0 [pid 5984] exit_group(0 [pid 5980] exit_group(0 [pid 5985] mkdir("\x2e\x02", 0777 [pid 5984] <... exit_group resumed>) = ? [pid 5016] <... umount2 resumed>) = 0 [ 180.509295][ T5986] loop5: detected capacity change from 0 to 2048 [ 180.544509][ T5985] loop3: detected capacity change from 0 to 2048 [pid 5987] <... write resumed>) = 1048576 [pid 5985] <... mkdir resumed>) = 0 [pid 5984] +++ exited with 0 +++ [pid 5980] <... exit_group resumed>) = ? [pid 5016] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5985] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", [pid 5980] +++ exited with 0 +++ [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... restart_syscall resumed>) = 0 [pid 5987] munmap(0x7f3634699000, 1048576 [pid 5016] <... openat resumed>) = 4 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5016] newfstatat(4, "", [pid 5015] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5987] <... munmap resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5987] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] getdents64(4, [pid 5015] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5987] <... openat resumed>) = 4 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] <... openat resumed>) = 3 [pid 5014] openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5987] ioctl(4, LOOP_SET_FD, 3 [pid 5016] getdents64(4, [pid 5015] newfstatat(3, "", [pid 5014] <... openat resumed>) = 3 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] newfstatat(3, "", [pid 5016] close(4 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 5016] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02" [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5016] <... rmdir resumed>) = 0 [pid 5014] umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3) = 0 [pid 5016] rmdir("./156") = 0 [pid 5016] mkdir("./157", 0777) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5015] getdents64(3, [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 180.578900][ T5986] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 180.599283][ T5985] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 180.614137][ T5987] loop4: detected capacity change from 0 to 2048 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... umount2 resumed>) = 0 [pid 5016] close(3 [pid 5015] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./154/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5988 [pid 5014] unlink("./154/bus") = 0 [pid 5014] umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./154/binderfs", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./154/binderfs") = 0 [pid 5987] <... ioctl resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./158/binderfs", [pid 5014] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5988 attached ) = -1 EINVAL (Invalid argument) [pid 5988] set_robust_list(0x555557506760, 24 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", [pid 5988] <... set_robust_list resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5988] chdir("./157" [pid 5987] close(3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5988] <... chdir resumed>) = 0 [pid 5987] <... close resumed>) = 0 [pid 5985] <... mount resumed>) = 0 [pid 5015] unlink("./158/binderfs" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5987] mkdir("\x2e\x02", 0777 [pid 5985] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5988] <... prctl resumed>) = 0 [pid 5987] <... mkdir resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5014] <... openat resumed>) = 4 [pid 5988] setpgid(0, 0 [pid 5987] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5985] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(4, "", [pid 5988] <... setpgid resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5985] chdir("\x2e\x02" [pid 5014] getdents64(4, [pid 5988] <... openat resumed>) = 3 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5988] write(3, "1000", 4 [pid 5014] getdents64(4, [pid 5988] <... write resumed>) = 4 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5988] close(3 [pid 5014] close(4 [pid 5988] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs" [pid 5014] rmdir("\x2e\x2f\x31\x35\x34\x2f\x2e\x02" [pid 5988] <... symlink resumed>) = 0 [pid 5985] <... chdir resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 5988] memfd_create("syzkaller", 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] getdents64(3, [pid 5988] <... memfd_create resumed>) = 3 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [ 180.624130][ T5986] UDF-fs: Scanning with blocksize 512 failed [ 180.631088][ T5985] UDF-fs: Scanning with blocksize 512 failed [ 180.642457][ T5985] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.660415][ T5987] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] close(3 [pid 5988] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... close resumed>) = 0 [pid 5985] ioctl(4, LOOP_CLR_FD [pid 5015] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] rmdir("./154" [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5014] <... rmdir resumed>) = 0 [pid 5014] mkdir("./155", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5985] <... ioctl resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5989 attached [pid 5985] close(4 [pid 5988] <... write resumed>) = 1048576 [pid 5986] <... mount resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 5989 [pid 5989] set_robust_list(0x555557506760, 24 [pid 5988] munmap(0x7f3634699000, 1048576 [pid 5986] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5985] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] <... munmap resumed>) = 0 [pid 5986] <... openat resumed>) = 3 [pid 5985] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5989] chdir("./155" [pid 5988] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5986] chdir("\x2e\x02" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5989] <... chdir resumed>) = 0 [pid 5988] <... openat resumed>) = 4 [pid 5986] <... chdir resumed>) = 0 [pid 5985] <... open resumed>) = 4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5988] ioctl(4, LOOP_SET_FD, 3 [pid 5986] ioctl(4, LOOP_CLR_FD [pid 5985] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] <... openat resumed>) = 4 [pid 5989] <... prctl resumed>) = 0 [pid 5986] <... ioctl resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5989] setpgid(0, 0 [pid 5986] close(4 [pid 5985] <... mount resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5989] <... setpgid resumed>) = 0 [pid 5986] <... close resumed>) = 0 [pid 5985] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] getdents64(4, [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5986] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5985] <... open resumed>) = 5 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5989] <... openat resumed>) = 3 [pid 5987] <... mount resumed>) = 0 [pid 5986] <... open resumed>) = 4 [pid 5985] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] getdents64(4, [pid 5989] write(3, "1000", 4 [pid 5986] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5985] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5989] <... write resumed>) = 4 [pid 5987] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5986] <... mount resumed>) = 0 [pid 5985] ftruncate(-1, 2 [pid 5015] close(4 [pid 5989] close(3 [pid 5987] <... openat resumed>) = 3 [pid 5986] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5985] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... close resumed>) = 0 [pid 5989] <... close resumed>) = 0 [pid 5987] chdir("\x2e\x02" [pid 5986] <... open resumed>) = 5 [pid 5985] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02" [pid 5989] symlink("/dev/binderfs", "./binderfs" [pid 5986] openat(AT_FDCWD, NULL, O_RDWR [pid 5985] <... mmap resumed>) = 0x20000000 [pid 5987] <... chdir resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 5989] <... symlink resumed>) = 0 [pid 5988] <... ioctl resumed>) = 0 [pid 5987] ioctl(4, LOOP_CLR_FD [pid 5986] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5985] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] getdents64(3, [pid 5989] memfd_create("syzkaller", 0 [pid 5988] close(3 [pid 5987] <... ioctl resumed>) = 0 [pid 5986] ftruncate(-1, 2 [pid 5985] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5989] <... memfd_create resumed>) = 3 [pid 5988] <... close resumed>) = 0 [pid 5987] close(4 [pid 5986] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5015] close(3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5988] mkdir("\x2e\x02", 0777 [pid 5987] <... close resumed>) = 0 [pid 5986] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] <... close resumed>) = 0 [pid 5989] <... mmap resumed>) = 0x7f3634699000 [pid 5988] <... mkdir resumed>) = 0 [pid 5987] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5986] <... mmap resumed>) = 0x20000000 [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5015] rmdir("./158" [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 180.677006][ T5987] UDF-fs: Scanning with blocksize 512 failed [ 180.685674][ T5986] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.698034][ T5987] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 180.710409][ T5988] loop2: detected capacity change from 0 to 2048 [pid 5988] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5986] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] <... rmdir resumed>) = 0 [pid 5987] <... open resumed>) = 4 [pid 5986] <... open resumed>) = -1 EFAULT (Bad address) [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5015] mkdir("./159", 0777 [pid 5987] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5015] <... mkdir resumed>) = 0 [pid 5987] <... mount resumed>) = 0 [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5987] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5015] <... openat resumed>) = 3 [pid 5987] <... open resumed>) = 5 [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5987] openat(AT_FDCWD, NULL, O_RDWR [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5989] <... write resumed>) = 1048576 [pid 5987] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5015] close(3 [pid 5989] munmap(0x7f3634699000, 1048576 [pid 5987] ftruncate(-1, 2 [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5985] memfd_create("syzkaller", 0 [pid 5015] <... close resumed>) = 0 [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5989] <... munmap resumed>) = 0 [pid 5987] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5986] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5985] <... memfd_create resumed>) = 6 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5987] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5986] memfd_create("syzkaller", 0 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5990 ./strace-static-x86_64: Process 5990 attached [pid 5989] <... openat resumed>) = 4 [pid 5987] <... mmap resumed>) = 0x20000000 [pid 5986] <... memfd_create resumed>) = 6 [pid 5985] <... mmap resumed>) = 0x7f362c399000 [pid 5990] set_robust_list(0x555557506760, 24 [ 180.772444][ T5988] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 180.793908][ T5988] UDF-fs: Scanning with blocksize 512 failed [ 180.810099][ T5988] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5989] ioctl(4, LOOP_SET_FD, 3 [pid 5987] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5990] <... set_robust_list resumed>) = 0 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5990] chdir("./159" [pid 5989] <... ioctl resumed>) = 0 [pid 5987] <... open resumed>) = -1 EFAULT (Bad address) [pid 5985] exit_group(0 [pid 5990] <... chdir resumed>) = 0 [pid 5989] close(3 [pid 5985] <... exit_group resumed>) = ? [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5989] <... close resumed>) = 0 [pid 5985] +++ exited with 0 +++ [pid 5990] <... prctl resumed>) = 0 [pid 5989] mkdir("\x2e\x02", 0777 [pid 5988] <... mount resumed>) = 0 [pid 5990] setpgid(0, 0 [pid 5989] <... mkdir resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5990] <... setpgid resumed>) = 0 [pid 5989] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5988] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5988] <... openat resumed>) = 3 [pid 5990] <... openat resumed>) = 3 [pid 5988] chdir("\x2e\x02" [pid 5990] write(3, "1000", 4 [pid 5988] <... chdir resumed>) = 0 [pid 5017] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5990] <... write resumed>) = 4 [pid 5988] ioctl(4, LOOP_CLR_FD [pid 5987] memfd_create("syzkaller", 0 [pid 5986] munmap(0x7f362c399000, 138412032 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5990] close(3 [pid 5988] <... ioctl resumed>) = 0 [pid 5987] <... memfd_create resumed>) = 6 [pid 5986] <... munmap resumed>) = 0 [pid 5017] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5990] <... close resumed>) = 0 [pid 5988] close(4 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5986] close(6 [pid 5017] <... openat resumed>) = 3 [pid 5990] symlink("/dev/binderfs", "./binderfs" [pid 5988] <... close resumed>) = 0 [pid 5987] <... mmap resumed>) = 0x7f362c399000 [pid 5986] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5990] <... symlink resumed>) = 0 [pid 5988] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5987] munmap(0x7f362c399000, 138412032 [pid 5986] exit_group(0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5990] memfd_create("syzkaller", 0 [pid 5988] <... open resumed>) = 4 [pid 5987] <... munmap resumed>) = 0 [pid 5986] <... exit_group resumed>) = ? [pid 5017] getdents64(3, [pid 5990] <... memfd_create resumed>) = 3 [pid 5988] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5987] close(6 [pid 5986] +++ exited with 0 +++ [ 180.820161][ T5989] loop0: detected capacity change from 0 to 2048 [ 180.821607][ T5986] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5988] <... mount resumed>) = 0 [pid 5987] <... close resumed>) = 0 [pid 5017] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5988] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5987] exit_group(0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5988] <... open resumed>) = 5 [pid 5987] <... exit_group resumed>) = ? [pid 5019] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "./157/binderfs", [pid 5988] openat(AT_FDCWD, NULL, O_RDWR [pid 5987] +++ exited with 0 +++ [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5988] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] unlink("./157/binderfs" [pid 5988] ftruncate(-1, 2 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... unlink resumed>) = 0 [pid 5988] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] newfstatat(3, "", [pid 5017] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5988] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5988] <... mmap resumed>) = 0x20000000 [pid 5019] getdents64(3, [pid 5988] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5988] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5990] <... mmap resumed>) = 0x7f3634699000 [pid 5988] memfd_create("syzkaller", 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = 0 [pid 5988] <... memfd_create resumed>) = 6 [pid 5019] newfstatat(AT_FDCWD, "./162/binderfs", [pid 5017] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5988] <... mmap resumed>) = 0x7f362c399000 [pid 5019] unlink("./162/binderfs" [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... unlink resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... openat resumed>) = 4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(4, "", [pid 5018] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] getdents64(4, [pid 5018] newfstatat(3, "", [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 5018] getdents64(3, [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] close(4 [pid 5018] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] rmdir("\x2e\x2f\x31\x35\x37\x2f\x2e\x02" [pid 5018] newfstatat(AT_FDCWD, "./161/binderfs", [pid 5017] <... rmdir resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] getdents64(3, [pid 5018] unlink("./161/binderfs" [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] <... unlink resumed>) = 0 [pid 5017] close(3 [pid 5018] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... close resumed>) = 0 [pid 5017] rmdir("./157") = 0 [pid 5017] mkdir("./158", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [ 180.876801][ T5989] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5991 ./strace-static-x86_64: Process 5991 attached [pid 5991] set_robust_list(0x555557506760, 24) = 0 [pid 5991] chdir("./158") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5990] <... write resumed>) = 1048576 [pid 5991] memfd_create("syzkaller", 0 [pid 5990] munmap(0x7f3634699000, 1048576) = 0 [pid 5988] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5991] <... memfd_create resumed>) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5990] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5018] <... umount2 resumed>) = 0 [pid 5990] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... openat resumed>) = 4 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5990] <... ioctl resumed>) = 0 [pid 5019] newfstatat(4, "", [pid 5018] <... openat resumed>) = 4 [pid 5990] close(3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] newfstatat(4, "", [pid 5990] <... close resumed>) = 0 [pid 5019] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5990] mkdir("\x2e\x02", 0777 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, [pid 5990] <... mkdir resumed>) = 0 [pid 5990] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5019] getdents64(4, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 5019] close(4 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] close(4 [pid 5019] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 5018] <... close resumed>) = 0 [ 180.944505][ T5989] UDF-fs: Scanning with blocksize 512 failed [ 180.975462][ T5990] loop1: detected capacity change from 0 to 2048 [pid 5991] <... write resumed>) = 1048576 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x31\x2f\x2e\x02" [pid 5019] getdents64(3, [pid 5018] <... rmdir resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(3, [pid 5019] close(3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] close(3 [pid 5019] rmdir("./162" [pid 5018] <... close resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] rmdir("./161" [pid 5019] mkdir("./163", 0777) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] mkdir("./162", 0777 [pid 5991] munmap(0x7f3634699000, 1048576 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... mkdir resumed>) = 0 [pid 5991] <... munmap resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... openat resumed>) = 3 [pid 5991] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5991] ioctl(4, LOOP_SET_FD, 3 [pid 5019] close(3 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5988] <... write resumed>) = 2097152 [pid 5019] <... close resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] close(3) = 0 [pid 5988] munmap(0x7f362c399000, 2097152 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5992 ./strace-static-x86_64: Process 5992 attached [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5993 [pid 5992] set_robust_list(0x555557506760, 24) = 0 [pid 5992] chdir("./163") = 0 [pid 5988] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5993 attached [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5993] set_robust_list(0x555557506760, 24) = 0 [pid 5992] <... prctl resumed>) = 0 [pid 5992] setpgid(0, 0 [pid 5993] chdir("./162" [pid 5992] <... setpgid resumed>) = 0 [pid 5993] <... chdir resumed>) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 181.020876][ T5990] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 181.042725][ T5990] UDF-fs: Scanning with blocksize 512 failed [ 181.045455][ T5991] loop3: detected capacity change from 0 to 2048 [pid 5988] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5992] <... openat resumed>) = 3 [pid 5988] <... openat resumed>) = 7 [pid 5993] <... prctl resumed>) = 0 [pid 5988] ioctl(7, LOOP_SET_FD, 6 [pid 5993] setpgid(0, 0 [pid 5992] write(3, "1000", 4 [pid 5988] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5993] <... setpgid resumed>) = 0 [pid 5988] ioctl(7, LOOP_CLR_FD [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5992] <... write resumed>) = 4 [pid 5988] <... ioctl resumed>) = 0 [pid 5993] <... openat resumed>) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5992] close(3 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] <... close resumed>) = 0 [pid 5993] memfd_create("syzkaller", 0 [pid 5991] <... ioctl resumed>) = 0 [pid 5988] ioctl(7, LOOP_SET_FD, 6 [pid 5992] symlink("/dev/binderfs", "./binderfs" [pid 5993] <... memfd_create resumed>) = 3 [pid 5991] close(3 [pid 5988] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5992] <... symlink resumed>) = 0 [pid 5991] <... close resumed>) = 0 [pid 5988] close(7 [pid 5993] <... mmap resumed>) = 0x7f3634699000 [pid 5991] mkdir("\x2e\x02", 0777 [pid 5988] <... close resumed>) = 0 [pid 5992] memfd_create("syzkaller", 0 [pid 5991] <... mkdir resumed>) = 0 [pid 5988] close(6 [pid 5992] <... memfd_create resumed>) = 3 [pid 5991] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5988] <... close resumed>) = 0 [ 181.082801][ T5989] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 181.101893][ T5990] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5990] <... mount resumed>) = 0 [pid 5988] exit_group(0) = ? [pid 5990] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("\x2e\x02" [pid 5988] +++ exited with 0 +++ [pid 5990] <... chdir resumed>) = 0 [pid 5990] ioctl(4, LOOP_CLR_FD [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5990] <... ioctl resumed>) = 0 [pid 5016] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 181.139327][ T5989] UDF-fs: Scanning with blocksize 1024 failed [ 181.140176][ T5991] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 181.153619][ T5989] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5990] close(4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5993] <... write resumed>) = 1048576 [pid 5992] <... write resumed>) = 1048576 [pid 5990] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5990] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... openat resumed>) = 3 [pid 5993] munmap(0x7f3634699000, 1048576 [pid 5992] munmap(0x7f3634699000, 1048576 [pid 5990] <... open resumed>) = 4 [pid 5016] newfstatat(3, "", [pid 5993] <... munmap resumed>) = 0 [pid 5992] <... munmap resumed>) = 0 [pid 5990] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5992] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5990] <... mount resumed>) = 0 [pid 5016] getdents64(3, [pid 5993] <... openat resumed>) = 4 [pid 5992] <... openat resumed>) = 4 [pid 5990] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5993] ioctl(4, LOOP_SET_FD, 3 [ 181.174394][ T5991] UDF-fs: Scanning with blocksize 512 failed [ 181.186807][ T5989] UDF-fs: Scanning with blocksize 2048 failed [ 181.197771][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 181.197784][ T27] audit: type=1800 audit(1692541384.858:957): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 181.211430][ T5992] loop5: detected capacity change from 0 to 2048 [pid 5992] ioctl(4, LOOP_SET_FD, 3 [pid 5990] <... open resumed>) = 5 [pid 5016] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5990] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5990] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] newfstatat(AT_FDCWD, "./157/binderfs", [pid 5993] <... ioctl resumed>) = 0 [pid 5993] close(3) = 0 [pid 5993] mkdir("\x2e\x02", 0777) = 0 [pid 5990] ftruncate(-1, 2 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5990] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] unlink("./157/binderfs" [pid 5990] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5016] <... unlink resumed>) = 0 [pid 5990] <... mmap resumed>) = 0x20000000 [pid 5016] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5990] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5993] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5990] <... open resumed>) = -1 EFAULT (Bad address) [pid 5992] <... ioctl resumed>) = 0 [pid 5992] close(3) = 0 [pid 5992] mkdir("\x2e\x02", 0777) = 0 [pid 5992] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5991] <... mount resumed>) = 0 [pid 5991] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [ 181.230914][ T5989] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 181.241678][ T5991] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.246829][ T5993] loop4: detected capacity change from 0 to 2048 [ 181.257502][ T5989] UDF-fs: Scanning with blocksize 4096 failed [pid 5991] chdir("\x2e\x02" [pid 5990] memfd_create("syzkaller", 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5991] <... chdir resumed>) = 0 [pid 5991] ioctl(4, LOOP_CLR_FD [pid 5990] <... memfd_create resumed>) = 6 [pid 5016] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5991] <... ioctl resumed>) = 0 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5991] close(4 [pid 5990] <... mmap resumed>) = 0x7f362c399000 [pid 5989] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5991] <... close resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", [pid 5991] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5989] ioctl(4, LOOP_CLR_FD [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5989] <... ioctl resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 181.289404][ T5993] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 181.301059][ T5992] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 181.305382][ T5993] UDF-fs: Scanning with blocksize 512 failed [ 181.310807][ T5992] UDF-fs: Scanning with blocksize 512 failed [pid 5989] close(4 [pid 5991] <... open resumed>) = 4 [pid 5989] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5989] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... openat resumed>) = 4 [pid 5991] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5989] <... open resumed>) = 3 [pid 5016] newfstatat(4, "", [pid 5989] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5991] <... mount resumed>) = 0 [pid 5989] <... mount resumed>) = 0 [pid 5016] getdents64(4, [pid 5991] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5989] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5991] <... open resumed>) = 5 [pid 5991] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5989] <... open resumed>) = 4 [pid 5016] getdents64(4, [pid 5991] ftruncate(-1, 2 [pid 5989] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5991] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5989] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] close(4 [pid 5991] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5989] ftruncate(-1, 2 [pid 5016] <... close resumed>) = 0 [pid 5991] <... mmap resumed>) = 0x20000000 [pid 5989] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] rmdir("\x2e\x2f\x31\x35\x37\x2f\x2e\x02" [pid 5991] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5989] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5991] <... open resumed>) = -1 EFAULT (Bad address) [pid 5016] <... rmdir resumed>) = 0 [pid 5991] memfd_create("syzkaller", 0 [pid 5989] <... mmap resumed>) = 0x20000000 [pid 5016] getdents64(3, [pid 5991] <... memfd_create resumed>) = 6 [pid 5989] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5989] <... open resumed>) = -1 EFAULT (Bad address) [pid 5016] close(3 [pid 5991] <... mmap resumed>) = 0x7f362c399000 [pid 5990] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5989] memfd_create("syzkaller", 0 [pid 5016] <... close resumed>) = 0 [pid 5989] <... memfd_create resumed>) = 5 [pid 5016] rmdir("./157" [ 181.326657][ T27] audit: type=1800 audit(1692541384.988:958): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [ 181.375447][ T5993] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5989] <... mmap resumed>) = 0x7f362c399000 [pid 5016] mkdir("./158", 0777) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3) = 0 [pid 5992] <... mount resumed>) = 0 [pid 5992] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5992] chdir("\x2e\x02" [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5992] <... chdir resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 5994 [pid 5993] <... mount resumed>) = 0 [pid 5993] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("\x2e\x02" [pid 5992] ioctl(4, LOOP_CLR_FD [pid 5993] <... chdir resumed>) = 0 [pid 5992] <... ioctl resumed>) = 0 [pid 5991] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 5994 attached [pid 5993] ioctl(4, LOOP_CLR_FD [pid 5992] close(4) = 0 [pid 5992] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 181.387936][ T5992] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5992] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5994] set_robust_list(0x555557506760, 24 [pid 5993] <... ioctl resumed>) = 0 [pid 5992] <... mount resumed>) = 0 [pid 5989] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] close(4 [pid 5992] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5994] chdir("./158" [pid 5993] <... close resumed>) = 0 [pid 5992] <... open resumed>) = 5 [pid 5994] <... chdir resumed>) = 0 [pid 5993] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5992] openat(AT_FDCWD, NULL, O_RDWR [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5992] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5994] <... prctl resumed>) = 0 [pid 5993] <... open resumed>) = 4 [pid 5992] ftruncate(-1, 2 [pid 5990] <... write resumed>) = 2097152 [pid 5994] setpgid(0, 0 [pid 5993] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5992] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5990] munmap(0x7f362c399000, 2097152 [pid 5994] <... setpgid resumed>) = 0 [pid 5993] <... mount resumed>) = 0 [pid 5992] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5993] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5992] <... mmap resumed>) = 0x20000000 [pid 5994] <... openat resumed>) = 3 [pid 5993] <... open resumed>) = 5 [pid 5992] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5994] write(3, "1000", 4 [pid 5993] openat(AT_FDCWD, NULL, O_RDWR [pid 5992] <... open resumed>) = -1 EFAULT (Bad address) [pid 5990] <... munmap resumed>) = 0 [pid 5994] <... write resumed>) = 4 [pid 5993] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5992] memfd_create("syzkaller", 0 [pid 5990] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5994] close(3 [pid 5993] ftruncate(-1, 2 [pid 5992] <... memfd_create resumed>) = 6 [pid 5990] <... openat resumed>) = 7 [pid 5994] <... close resumed>) = 0 [pid 5993] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 181.432974][ T27] audit: type=1800 audit(1692541385.018:959): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1950 res=0 errno=0 [pid 5990] ioctl(7, LOOP_SET_FD, 6 [pid 5994] symlink("/dev/binderfs", "./binderfs" [pid 5993] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5992] <... mmap resumed>) = 0x7f362c399000 [pid 5990] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5994] <... symlink resumed>) = 0 [pid 5993] <... mmap resumed>) = 0x20000000 [pid 5990] ioctl(7, LOOP_CLR_FD [pid 5994] memfd_create("syzkaller", 0 [pid 5993] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5990] <... ioctl resumed>) = 0 [pid 5994] <... memfd_create resumed>) = 3 [pid 5993] <... open resumed>) = -1 EFAULT (Bad address) [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5993] memfd_create("syzkaller", 0 [pid 5994] <... mmap resumed>) = 0x7f3634699000 [pid 5993] <... memfd_create resumed>) = 6 [pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 5990] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5990] close(7) = 0 [pid 5990] close(6 [pid 5991] <... write resumed>) = 2097152 [pid 5991] munmap(0x7f362c399000, 2097152) = 0 [pid 5994] <... write resumed>) = 1048576 [pid 5992] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5990] <... close resumed>) = 0 [pid 5989] <... write resumed>) = 2097152 [pid 5990] exit_group(0 [pid 5994] munmap(0x7f3634699000, 1048576 [pid 5991] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5990] <... exit_group resumed>) = ? [pid 5989] munmap(0x7f362c399000, 2097152 [pid 5994] <... munmap resumed>) = 0 [pid 5991] <... openat resumed>) = 7 [pid 5991] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5991] ioctl(7, LOOP_CLR_FD) = 0 [pid 5991] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5991] close(7) = 0 [pid 5991] close(6 [pid 5990] +++ exited with 0 +++ [pid 5994] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5989] <... munmap resumed>) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5994] <... openat resumed>) = 4 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5994] ioctl(4, LOOP_SET_FD, 3 [pid 5989] <... openat resumed>) = 6 [pid 5989] ioctl(6, LOOP_SET_FD, 5 [pid 5015] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5989] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 181.542981][ T27] audit: type=1800 audit(1692541385.088:960): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5015] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5989] ioctl(6, LOOP_CLR_FD [pid 5015] unlink("./159/binderfs" [pid 5989] <... ioctl resumed>) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 5994] <... ioctl resumed>) = 0 [pid 5993] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5989] ioctl(6, LOOP_SET_FD, 5 [pid 5015] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5989] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5994] close(3 [pid 5989] close(6 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 5994] <... close resumed>) = 0 [pid 5989] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5994] mkdir("\x2e\x02", 0777 [pid 5989] close(5 [pid 5015] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5991] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5994] <... mkdir resumed>) = 0 [pid 5991] exit_group(0 [pid 5015] getdents64(4, [pid 5994] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5991] <... exit_group resumed>) = ? [pid 5989] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5991] +++ exited with 0 +++ [ 181.598225][ T5994] loop2: detected capacity change from 0 to 2048 [pid 5015] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5992] <... write resumed>) = 2097152 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5015] close(4 [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5015] <... close resumed>) = 0 [pid 5017] <... restart_syscall resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02") = 0 [pid 5015] getdents64(3, [pid 5017] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] close(3 [pid 5017] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5015] rmdir("./159" [pid 5017] newfstatat(3, "", [pid 5015] <... rmdir resumed>) = 0 [pid 5989] exit_group(0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] mkdir("./160", 0777 [pid 5992] munmap(0x7f362c399000, 2097152 [pid 5989] <... exit_group resumed>) = ? [pid 5017] getdents64(3, [pid 5015] <... mkdir resumed>) = 0 [pid 5992] <... munmap resumed>) = 0 [pid 5989] +++ exited with 0 +++ [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5017] newfstatat(AT_FDCWD, "./158/binderfs", [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] close(3 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5017] unlink("./158/binderfs" [pid 5015] <... close resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5992] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 5995 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5992] <... openat resumed>) = 7 [pid 5014] openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5992] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... openat resumed>) = 3 [pid 5992] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] newfstatat(3, "", ./strace-static-x86_64: Process 5995 attached [pid 5993] <... write resumed>) = 2097152 [pid 5992] ioctl(7, LOOP_CLR_FD [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5995] set_robust_list(0x555557506760, 24 [pid 5993] munmap(0x7f362c399000, 2097152 [pid 5992] <... ioctl resumed>) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5014] umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5992] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5992] close(7) = 0 [pid 5992] close(6 [pid 5995] <... set_robust_list resumed>) = 0 [pid 5993] <... munmap resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5014] <... umount2 resumed>) = 0 [pid 5995] chdir("./160" [pid 5993] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./155/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] <... chdir resumed>) = 0 [pid 5993] <... openat resumed>) = 7 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5993] ioctl(7, LOOP_SET_FD, 6 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", [pid 5014] newfstatat(AT_FDCWD, "./155/bus", [pid 5995] <... prctl resumed>) = 0 [pid 5993] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.641403][ T5994] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 181.662124][ T5994] UDF-fs: Scanning with blocksize 512 failed [ 181.669190][ T27] audit: type=1800 audit(1692541385.118:961): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./155/bus") = 0 [pid 5014] umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./155/binderfs") = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] setpgid(0, 0 [pid 5993] ioctl(7, LOOP_CLR_FD [pid 5992] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5995] <... setpgid resumed>) = 0 [pid 5993] <... ioctl resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... openat resumed>) = 4 [pid 5014] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] close(4) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x35\x35\x2f\x2e\x02") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5995] <... openat resumed>) = 3 [pid 5017] <... openat resumed>) = 4 [pid 5014] close(3 [pid 5995] write(3, "1000", 4 [pid 5017] newfstatat(4, "", [pid 5014] <... close resumed>) = 0 [pid 5995] <... write resumed>) = 4 [pid 5993] ioctl(7, LOOP_SET_FD, 6 [pid 5992] exit_group(0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] rmdir("./155" [pid 5995] close(3 [pid 5993] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5992] <... exit_group resumed>) = ? [pid 5017] getdents64(4, [pid 5014] <... rmdir resumed>) = 0 [pid 5995] <... close resumed>) = 0 [pid 5993] close(7 [pid 5992] +++ exited with 0 +++ [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] mkdir("./156", 0777 [pid 5995] symlink("/dev/binderfs", "./binderfs" [pid 5993] <... close resumed>) = 0 [pid 5017] getdents64(4, [pid 5014] <... mkdir resumed>) = 0 [pid 5995] <... symlink resumed>) = 0 [pid 5993] close(6 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5992, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5995] memfd_create("syzkaller", 0 [pid 5014] <... openat resumed>) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 5996 ./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x555557506760, 24) = 0 [pid 5996] chdir("./156") = 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] close(4 [pid 5995] <... memfd_create resumed>) = 3 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02" [pid 5995] <... mmap resumed>) = 0x7f3634699000 [pid 5017] <... rmdir resumed>) = 0 [pid 5019] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(3, [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5996] memfd_create("syzkaller", 0 [pid 5019] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 181.706080][ T5994] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5017] close(3 [pid 5996] <... memfd_create resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... close resumed>) = 0 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5995] <... write resumed>) = 1048576 [pid 5993] <... close resumed>) = 0 [pid 5019] newfstatat(3, "", [pid 5017] rmdir("./158" [pid 5996] <... mmap resumed>) = 0x7f3634699000 [pid 5994] <... mount resumed>) = 0 [pid 5993] exit_group(0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5995] munmap(0x7f3634699000, 1048576 [pid 5994] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5993] <... exit_group resumed>) = ? [pid 5019] getdents64(3, [pid 5017] <... rmdir resumed>) = 0 [pid 5995] <... munmap resumed>) = 0 [pid 5994] <... openat resumed>) = 3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] mkdir("./159", 0777 [pid 5995] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5994] chdir("\x2e\x02" [pid 5019] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] <... openat resumed>) = 4 [pid 5994] <... chdir resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5995] ioctl(4, LOOP_SET_FD, 3 [pid 5994] ioctl(4, LOOP_CLR_FD [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5019] newfstatat(AT_FDCWD, "./163/binderfs", [pid 5994] <... ioctl resumed>) = 0 [pid 5994] close(4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5994] <... close resumed>) = 0 [pid 5019] unlink("./163/binderfs" [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5994] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... unlink resumed>) = 0 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] <... ioctl resumed>) = 0 [pid 5994] <... open resumed>) = 4 [pid 5993] +++ exited with 0 +++ [pid 5017] close(3 [pid 5995] close(3 [pid 5994] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5017] <... close resumed>) = 0 [pid 5995] <... close resumed>) = 0 [pid 5995] mkdir("\x2e\x02", 0777 [pid 5994] <... mount resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5995] <... mkdir resumed>) = 0 [pid 5994] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5995] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5994] <... open resumed>) = 5 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 5997 [pid 5994] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5994] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... openat resumed>) = 3 [pid 5994] ftruncate(-1, 2 [pid 5018] newfstatat(3, "", [pid 5994] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5994] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5994] <... mmap resumed>) = 0x20000000 [pid 5018] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5994] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 181.789644][ T5995] loop1: detected capacity change from 0 to 2048 [ 181.799959][ T27] audit: type=1800 audit(1692541385.458:962): pid=5994 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5018] newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5996] <... write resumed>) = 1048576 [pid 5018] unlink("./162/binderfs" [pid 5996] munmap(0x7f3634699000, 1048576 [pid 5018] <... unlink resumed>) = 0 [pid 5996] <... munmap resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5996] <... openat resumed>) = 4 [pid 5994] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5997 attached [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5994] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] set_robust_list(0x555557506760, 24 [pid 5994] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] newfstatat(4, "", [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", [pid 5019] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5997] <... set_robust_list resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] close(4 [pid 5018] <... openat resumed>) = 4 [pid 5019] <... close resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5019] rmdir("\x2e\x2f\x31\x36\x33\x2f\x2e\x02" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] getdents64(4, [pid 5019] getdents64(3, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 5019] close(3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] close(4 [pid 5019] rmdir("./163" [pid 5018] <... close resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 5019] mkdir("./164", 0777 [pid 5018] <... rmdir resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] getdents64(3, [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5997] chdir("./159" [pid 5019] <... openat resumed>) = 3 [pid 5018] close(3 [pid 5997] <... chdir resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] <... close resumed>) = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5996] <... ioctl resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] rmdir("./162" [pid 5997] <... prctl resumed>) = 0 [pid 5996] close(3 [pid 5019] close(3 [pid 5018] <... rmdir resumed>) = 0 [pid 5997] setpgid(0, 0 [pid 5996] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] mkdir("./163", 0777 [pid 5997] <... setpgid resumed>) = 0 [ 181.851091][ T5995] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 181.868979][ T5996] loop0: detected capacity change from 0 to 2048 [ 181.874866][ T5995] UDF-fs: Scanning with blocksize 512 failed [ 181.882459][ T5994] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5996] mkdir("\x2e\x02", 0777 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... mkdir resumed>) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5996] <... mkdir resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5996] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 5998 [pid 5018] <... openat resumed>) = 3 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5997] <... openat resumed>) = 3 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5997] write(3, "1000", 4 [pid 5018] close(3./strace-static-x86_64: Process 5998 attached [pid 5997] <... write resumed>) = 4 [pid 5018] <... close resumed>) = 0 [pid 5998] set_robust_list(0x555557506760, 24 [pid 5997] close(3 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5998] <... set_robust_list resumed>) = 0 [pid 5997] <... close resumed>) = 0 [pid 5998] chdir("./164" [pid 5997] symlink("/dev/binderfs", "./binderfs" [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 5999 [pid 5998] <... chdir resumed>) = 0 [pid 5997] <... symlink resumed>) = 0 [pid 5998] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5997] memfd_create("syzkaller", 0 [pid 5998] <... prctl resumed>) = 0 [pid 5997] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5999 attached [pid 5998] setpgid(0, 0 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] set_robust_list(0x555557506760, 24 [pid 5998] <... setpgid resumed>) = 0 [pid 5997] <... mmap resumed>) = 0x7f3634699000 [pid 5999] <... set_robust_list resumed>) = 0 [pid 5998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5999] chdir("./163" [pid 5998] <... openat resumed>) = 3 [pid 5999] <... chdir resumed>) = 0 [pid 5998] write(3, "1000", 4 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5998] <... write resumed>) = 4 [pid 5999] <... prctl resumed>) = 0 [pid 5998] close(3 [pid 5999] setpgid(0, 0 [pid 5998] <... close resumed>) = 0 [pid 5999] <... setpgid resumed>) = 0 [pid 5998] symlink("/dev/binderfs", "./binderfs" [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5998] <... symlink resumed>) = 0 [pid 5999] <... openat resumed>) = 3 [pid 5998] memfd_create("syzkaller", 0 [pid 5999] write(3, "1000", 4 [pid 5998] <... memfd_create resumed>) = 3 [pid 5999] <... write resumed>) = 4 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] close(3 [pid 5998] <... mmap resumed>) = 0x7f3634699000 [ 181.906473][ T5995] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5999] <... close resumed>) = 0 [pid 5998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] memfd_create("syzkaller", 0 [pid 5995] <... mount resumed>) = 0 [pid 5994] memfd_create("syzkaller", 0 [pid 5999] <... memfd_create resumed>) = 3 [pid 5997] <... write resumed>) = 1048576 [pid 5995] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5994] <... memfd_create resumed>) = 6 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5997] munmap(0x7f3634699000, 1048576 [pid 5995] <... openat resumed>) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5999] <... mmap resumed>) = 0x7f3634699000 [pid 5995] chdir("\x2e\x02" [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5997] <... munmap resumed>) = 0 [pid 5995] <... chdir resumed>) = 0 [pid 5994] <... mmap resumed>) = 0x7f362c399000 [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 181.961794][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 5995] ioctl(4, LOOP_CLR_FD [pid 5997] <... openat resumed>) = 4 [pid 5995] <... ioctl resumed>) = 0 [pid 5997] ioctl(4, LOOP_SET_FD, 3 [pid 5995] close(4 [pid 5997] <... ioctl resumed>) = 0 [pid 5995] <... close resumed>) = 0 [pid 5997] close(3 [pid 5995] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5997] <... close resumed>) = 0 [pid 5995] <... open resumed>) = 4 [pid 5998] <... write resumed>) = 1048576 [pid 5997] mkdir("\x2e\x02", 0777 [pid 5995] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5998] munmap(0x7f3634699000, 1048576 [pid 5997] <... mkdir resumed>) = 0 [pid 5995] <... mount resumed>) = 0 [pid 5998] <... munmap resumed>) = 0 [pid 5997] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5995] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5999] <... write resumed>) = 1048576 [pid 5998] <... openat resumed>) = 4 [pid 5995] <... open resumed>) = 5 [ 182.035135][ T5997] loop3: detected capacity change from 0 to 2048 [ 182.036093][ T5996] UDF-fs: Scanning with blocksize 512 failed [ 182.050717][ T27] audit: type=1800 audit(1692541385.718:963): pid=5995 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [pid 5998] ioctl(4, LOOP_SET_FD, 3 [pid 5995] openat(AT_FDCWD, NULL, O_RDWR [pid 5999] munmap(0x7f3634699000, 1048576) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5995] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5999] ioctl(4, LOOP_SET_FD, 3 [pid 5995] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5995] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 5995] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5999] <... ioctl resumed>) = 0 [pid 5999] close(3) = 0 [pid 5999] mkdir("\x2e\x02", 0777 [pid 5995] memfd_create("syzkaller", 0 [pid 5999] <... mkdir resumed>) = 0 [pid 5998] <... ioctl resumed>) = 0 [pid 5995] <... memfd_create resumed>) = 6 [pid 5999] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5998] close(3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5998] <... close resumed>) = 0 [pid 5995] <... mmap resumed>) = 0x7f362c399000 [pid 5998] mkdir("\x2e\x02", 0777) = 0 [ 182.085761][ T5997] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 182.088374][ T5998] loop5: detected capacity change from 0 to 2048 [ 182.093597][ T5997] UDF-fs: Scanning with blocksize 512 failed [ 182.110641][ T5999] loop4: detected capacity change from 0 to 2048 [ 182.166639][ T5999] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 182.181699][ T5998] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [pid 5998] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5997] <... mount resumed>) = 0 [pid 5994] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 3526607 [pid 5997] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [ 182.209150][ T5997] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.209644][ T5999] UDF-fs: Scanning with blocksize 512 failed [ 182.229012][ T5998] UDF-fs: Scanning with blocksize 512 failed [pid 5997] chdir("\x2e\x02") = 0 [pid 5999] <... mount resumed>) = 0 [pid 5997] ioctl(4, LOOP_CLR_FD [pid 5999] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5997] <... ioctl resumed>) = 0 [pid 5995] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5999] <... openat resumed>) = 3 [pid 5997] close(4) = 0 [pid 5999] chdir("\x2e\x02" [ 182.256373][ T5999] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.257410][ T5996] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 182.285799][ T5998] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5997] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5999] <... chdir resumed>) = 0 [pid 5997] <... open resumed>) = 4 [pid 5994] <... write resumed>) = 3526607 [pid 5999] ioctl(4, LOOP_CLR_FD [pid 5998] <... mount resumed>) = 0 [pid 5997] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5995] <... write resumed>) = 2097152 [pid 5994] munmap(0x7f362c399000, 3526607 [pid 5999] <... ioctl resumed>) = 0 [pid 5998] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5997] <... mount resumed>) = 0 [pid 5999] close(4 [pid 5998] <... openat resumed>) = 3 [pid 5997] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5999] <... close resumed>) = 0 [pid 5998] chdir("\x2e\x02" [ 182.313265][ T27] audit: type=1800 audit(1692541385.968:964): pid=5997 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 5997] <... open resumed>) = 5 [pid 5999] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5998] <... chdir resumed>) = 0 [pid 5997] openat(AT_FDCWD, NULL, O_RDWR [pid 5995] munmap(0x7f362c399000, 2097152 [pid 5994] <... munmap resumed>) = 0 [pid 5999] <... open resumed>) = 4 [pid 5998] ioctl(4, LOOP_CLR_FD [pid 5997] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5995] <... munmap resumed>) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5998] <... ioctl resumed>) = 0 [pid 5997] ftruncate(-1, 2 [pid 5995] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5994] <... openat resumed>) = 7 [pid 5998] close(4 [pid 5997] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5995] <... openat resumed>) = 7 [pid 5994] ioctl(7, LOOP_SET_FD, 6 [pid 5998] <... close resumed>) = 0 [pid 5997] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5995] ioctl(7, LOOP_SET_FD, 6 [pid 5994] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5998] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5997] <... mmap resumed>) = 0x20000000 [pid 5995] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5994] ioctl(7, LOOP_CLR_FD [pid 5999] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5997] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5995] ioctl(7, LOOP_CLR_FD [pid 5994] <... ioctl resumed>) = 0 [pid 5998] <... open resumed>) = 4 [pid 5997] <... open resumed>) = -1 EFAULT (Bad address) [pid 5995] <... ioctl resumed>) = 0 [pid 5999] <... mount resumed>) = 0 [pid 5998] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5997] memfd_create("syzkaller", 0 [pid 5999] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5998] <... mount resumed>) = 0 [pid 5997] <... memfd_create resumed>) = 6 [pid 5994] ioctl(7, LOOP_SET_FD, 6 [pid 5998] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5999] <... open resumed>) = 5 [pid 5998] <... open resumed>) = 5 [pid 5997] <... mmap resumed>) = 0x7f362c399000 [ 182.359232][ T5996] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 182.375089][ T27] audit: type=1800 audit(1692541386.038:965): pid=5999 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [ 182.384542][ T5996] UDF-fs: Scanning with blocksize 1024 failed [pid 5995] ioctl(7, LOOP_SET_FD, 6 [pid 5994] close(7 [pid 5999] openat(AT_FDCWD, NULL, O_RDWR [pid 5998] openat(AT_FDCWD, NULL, O_RDWR [pid 5995] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5994] <... close resumed>) = 0 [pid 5998] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5995] close(7 [pid 5994] close(6 [pid 5999] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5998] ftruncate(-1, 2 [pid 5995] <... close resumed>) = 0 [pid 5998] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5995] close(6 [pid 5999] ftruncate(-1, 2 [pid 5998] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5999] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5998] <... mmap resumed>) = 0x20000000 [pid 5998] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5999] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5998] <... open resumed>) = -1 EFAULT (Bad address) [pid 5999] <... mmap resumed>) = 0x20000000 [pid 5999] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5995] <... close resumed>) = 0 [pid 5995] exit_group(0 [pid 5998] memfd_create("syzkaller", 0 [pid 5995] <... exit_group resumed>) = ? [pid 5999] memfd_create("syzkaller", 0 [pid 5998] <... memfd_create resumed>) = 6 [ 182.412823][ T27] audit: type=1800 audit(1692541386.068:966): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5999] <... memfd_create resumed>) = 6 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5994] <... close resumed>) = 0 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5998] <... mmap resumed>) = 0x7f362c399000 [pid 5995] +++ exited with 0 +++ [pid 5999] <... mmap resumed>) = 0x7f362c399000 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5994] exit_group(0) = ? [pid 5015] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5994] +++ exited with 0 +++ [pid 5015] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5015] <... openat resumed>) = 3 [pid 5016] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5015] newfstatat(3, "", [pid 5997] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(3, [pid 5016] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] newfstatat(AT_FDCWD, "./160/binderfs", [pid 5016] unlink("./158/binderfs") = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] unlink("./160/binderfs") = 0 [ 182.512438][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 182.541113][ T5996] UDF-fs: Scanning with blocksize 2048 failed [pid 5015] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5998] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5997] <... write resumed>) = 2097152 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5999] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5997] munmap(0x7f362c399000, 2097152 [pid 5016] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [ 182.559929][ T5996] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 5015] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5997] <... munmap resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", [pid 5997] <... openat resumed>) = 7 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5997] ioctl(7, LOOP_SET_FD, 6 [pid 5015] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5997] ioctl(7, LOOP_CLR_FD) = 0 [pid 5016] <... openat resumed>) = 4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] newfstatat(4, "", [pid 5015] <... openat resumed>) = 4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5015] getdents64(4, [pid 5997] ioctl(7, LOOP_SET_FD, 6 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5997] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, [pid 5997] close(7 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(4, [pid 5997] <... close resumed>) = 0 [pid 5998] <... write resumed>) = 2097152 [pid 5997] close(6 [pid 5016] close(4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5998] munmap(0x7f362c399000, 2097152) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 5998] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 5997] <... close resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] close(4 [pid 5016] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02" [pid 5015] <... close resumed>) = 0 [pid 5998] ioctl(7, LOOP_CLR_FD [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x30\x2f\x2e\x02" [pid 5016] getdents64(3, [pid 5015] <... rmdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5016] close(3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... close resumed>) = 0 [pid 5015] close(3 [pid 5016] rmdir("./158" [pid 5015] <... close resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("./160" [pid 5016] mkdir("./159", 0777 [pid 5015] <... rmdir resumed>) = 0 [pid 5998] <... ioctl resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 5015] mkdir("./161", 0777 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5996] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... mkdir resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 5999] <... write resumed>) = 2097152 [pid 5997] exit_group(0 [pid 5996] ioctl(4, LOOP_CLR_FD [pid 5016] close(3 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5997] <... exit_group resumed>) = ? [pid 5016] <... close resumed>) = 0 [pid 5015] close(3 [pid 5997] +++ exited with 0 +++ [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... close resumed>) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6000 attached [pid 5996] <... ioctl resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6000 [pid 5999] munmap(0x7f362c399000, 2097152 [ 182.602904][ T5996] UDF-fs: Scanning with blocksize 4096 failed [pid 5998] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6001 [pid 6000] set_robust_list(0x555557506760, 24 [pid 5999] <... munmap resumed>) = 0 [pid 5998] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5996] close(4 [pid 6000] <... set_robust_list resumed>) = 0 [pid 5998] close(7 [pid 5996] <... close resumed>) = 0 [pid 5017] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6000] chdir("./159" [pid 5998] <... close resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6001 attached [pid 6000] <... chdir resumed>) = 0 [pid 5998] close(6 [pid 5996] <... open resumed>) = 3 [pid 5017] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6001] set_robust_list(0x555557506760, 24 [pid 5017] <... openat resumed>) = 3 [pid 6001] <... set_robust_list resumed>) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] newfstatat(3, "", [pid 6001] chdir("./161" [pid 5999] <... openat resumed>) = 7 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6001] <... chdir resumed>) = 0 [pid 5999] ioctl(7, LOOP_SET_FD, 6 [pid 5017] getdents64(3, [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5999] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6001] <... prctl resumed>) = 0 [pid 5999] ioctl(7, LOOP_CLR_FD [pid 5998] <... close resumed>) = 0 [pid 5017] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6001] setpgid(0, 0 [pid 5999] <... ioctl resumed>) = 0 [pid 5996] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] <... setpgid resumed>) = 0 [pid 6000] <... prctl resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "./159/binderfs", [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6000] setpgid(0, 0 [pid 5996] <... mount resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] <... openat resumed>) = 3 [pid 6000] <... setpgid resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] unlink("./159/binderfs" [pid 6001] write(3, "1000", 4 [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5999] ioctl(7, LOOP_SET_FD, 6 [pid 5996] <... open resumed>) = 4 [pid 5017] <... unlink resumed>) = 0 [pid 6001] <... write resumed>) = 4 [pid 6000] <... openat resumed>) = 3 [pid 5999] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5996] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6001] close(3 [pid 6000] write(3, "1000", 4 [pid 5999] close(7 [pid 5998] exit_group(0 [pid 5996] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... umount2 resumed>) = 0 [pid 6001] <... close resumed>) = 0 [pid 5999] <... close resumed>) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs" [pid 5999] close(6 [pid 5017] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6000] <... write resumed>) = 4 [pid 5996] ftruncate(-1, 2 [pid 6001] <... symlink resumed>) = 0 [pid 5998] <... exit_group resumed>) = ? [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] memfd_create("syzkaller", 0) = 3 [pid 6000] close(3 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5996] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6001] <... mmap resumed>) = 0x7f3634699000 [pid 6000] <... close resumed>) = 0 [pid 5999] <... close resumed>) = 0 [pid 5998] +++ exited with 0 +++ [pid 5996] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5017] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5998, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6000] symlink("/dev/binderfs", "./binderfs" [pid 5996] <... mmap resumed>) = 0x20000000 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6000] <... symlink resumed>) = 0 [pid 5999] exit_group(0 [pid 5996] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, [pid 5999] <... exit_group resumed>) = ? [pid 5996] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6000] memfd_create("syzkaller", 0 [pid 5999] +++ exited with 0 +++ [pid 5996] memfd_create("syzkaller", 0 [pid 5019] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] getdents64(4, [pid 5019] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] newfstatat(3, "", [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5017] close(4 [pid 6000] <... memfd_create resumed>) = 3 [pid 5996] <... memfd_create resumed>) = 5 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... close resumed>) = 0 [pid 5019] getdents64(3, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02" [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... rmdir resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x7f3634699000 [pid 5996] <... mmap resumed>) = 0x7f362c399000 [pid 5019] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... openat resumed>) = 3 [pid 5017] getdents64(3, [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(3, "", [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] newfstatat(AT_FDCWD, "./164/binderfs", [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] close(3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] getdents64(3, [pid 5017] <... close resumed>) = 0 [pid 5019] unlink("./164/binderfs" [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] rmdir("./159" [pid 5019] <... unlink resumed>) = 0 [pid 5018] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... rmdir resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] mkdir("./160", 0777 [pid 5018] newfstatat(AT_FDCWD, "./163/binderfs", [pid 5017] <... mkdir resumed>) = 0 [pid 6001] <... write resumed>) = 1048576 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] unlink("./163/binderfs" [pid 5017] <... openat resumed>) = 3 [pid 5018] <... unlink resumed>) = 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 6001] munmap(0x7f3634699000, 1048576 [pid 5018] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] close(3) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6001] <... munmap resumed>) = 0 [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... umount2 resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6002 [pid 6001] <... openat resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6001] ioctl(4, LOOP_SET_FD, 3 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6002 attached [pid 5019] <... openat resumed>) = 4 [pid 6002] set_robust_list(0x555557506760, 24 [pid 5019] newfstatat(4, "", [pid 5018] <... openat resumed>) = 4 [pid 6002] <... set_robust_list resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] newfstatat(4, "", [pid 6002] chdir("./160" [pid 5019] getdents64(4, [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6002] <... chdir resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] getdents64(4, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6002] <... prctl resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 6002] setpgid(0, 0 [pid 5019] close(4 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6002] <... setpgid resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] close(4 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] rmdir("\x2e\x2f\x31\x36\x34\x2f\x2e\x02" [pid 5018] <... close resumed>) = 0 [pid 6002] <... openat resumed>) = 3 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x33\x2f\x2e\x02" [pid 6002] write(3, "1000", 4 [pid 5019] getdents64(3, [pid 5018] <... rmdir resumed>) = 0 [pid 6002] <... write resumed>) = 4 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(3, [pid 6002] close(3 [pid 5019] close(3 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6002] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] close(3 [pid 6001] <... ioctl resumed>) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs" [pid 6001] close(3 [pid 5019] rmdir("./164" [pid 5018] <... close resumed>) = 0 [pid 6002] <... symlink resumed>) = 0 [pid 6001] <... close resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] rmdir("./163" [pid 6002] memfd_create("syzkaller", 0 [pid 6001] mkdir("\x2e\x02", 0777 [pid 6000] <... write resumed>) = 1048576 [pid 5019] mkdir("./165", 0777 [pid 5018] <... rmdir resumed>) = 0 [pid 6002] <... memfd_create resumed>) = 3 [pid 6001] <... mkdir resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] mkdir("./164", 0777 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6001] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6000] munmap(0x7f3634699000, 1048576 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] <... mkdir resumed>) = 0 [pid 6002] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... openat resumed>) = 3 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6000] <... munmap resumed>) = 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] <... openat resumed>) = 3 [pid 6000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5996] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5019] close(3 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] <... close resumed>) = 0 [pid 5018] close(3 [pid 6000] <... openat resumed>) = 4 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... close resumed>) = 0 [pid 6000] ioctl(4, LOOP_SET_FD, 3 [ 182.762270][ T6001] loop1: detected capacity change from 0 to 2048 [ 182.799030][ T6001] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6003 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6004 ./strace-static-x86_64: Process 6003 attached [pid 6003] set_robust_list(0x555557506760, 24) = 0 [pid 6003] chdir("./165") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6000] <... ioctl resumed>) = 0 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6000] close(3 [pid 6003] <... mmap resumed>) = 0x7f3634699000 [pid 6000] <... close resumed>) = 0 ./strace-static-x86_64: Process 6004 attached [pid 6000] mkdir("\x2e\x02", 0777) = 0 [pid 6004] set_robust_list(0x555557506760, 24 [pid 6002] <... write resumed>) = 1048576 [pid 6000] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6002] munmap(0x7f3634699000, 1048576) = 0 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6004] chdir("./164" [pid 6002] <... openat resumed>) = 4 [pid 6004] <... chdir resumed>) = 0 [pid 6002] ioctl(4, LOOP_SET_FD, 3 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6004] <... prctl resumed>) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] <... ioctl resumed>) = 0 [pid 6002] close(3 [pid 6004] memfd_create("syzkaller", 0 [pid 6002] <... close resumed>) = 0 [ 182.818389][ T6000] loop2: detected capacity change from 0 to 2048 [ 182.836738][ T6001] UDF-fs: Scanning with blocksize 512 failed [ 182.850176][ T6002] loop3: detected capacity change from 0 to 2048 [ 182.851366][ T6000] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 6002] mkdir("\x2e\x02", 0777 [pid 6004] <... memfd_create resumed>) = 3 [pid 6002] <... mkdir resumed>) = 0 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6003] <... write resumed>) = 1048576 [pid 6002] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6004] <... mmap resumed>) = 0x7f3634699000 [pid 6003] munmap(0x7f3634699000, 1048576) = 0 [pid 6004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6003] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5996] <... write resumed>) = 2097152 [pid 6003] <... openat resumed>) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3 [pid 6004] <... write resumed>) = 1048576 [pid 5996] munmap(0x7f362c399000, 2097152 [pid 6003] <... ioctl resumed>) = 0 [pid 5996] <... munmap resumed>) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 5996] ioctl(6, LOOP_SET_FD, 5 [pid 6003] close(3) = 0 [pid 5996] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 182.878881][ T6001] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.901259][ T6002] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 182.904568][ T6000] UDF-fs: Scanning with blocksize 512 failed [ 182.910687][ T6003] loop5: detected capacity change from 0 to 2048 [pid 6003] mkdir("\x2e\x02", 0777 [pid 6004] munmap(0x7f3634699000, 1048576 [pid 6001] <... mount resumed>) = 0 [pid 5996] ioctl(6, LOOP_CLR_FD [pid 6004] <... munmap resumed>) = 0 [pid 6001] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5996] <... ioctl resumed>) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6001] <... openat resumed>) = 3 [pid 6004] <... openat resumed>) = 4 [pid 6001] chdir("\x2e\x02" [pid 6004] ioctl(4, LOOP_SET_FD, 3 [pid 6001] <... chdir resumed>) = 0 [pid 6001] ioctl(4, LOOP_CLR_FD [pid 5996] ioctl(6, LOOP_SET_FD, 5 [pid 6001] <... ioctl resumed>) = 0 [pid 5996] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6001] close(4 [pid 5996] close(6 [pid 6003] <... mkdir resumed>) = 0 [pid 6001] <... close resumed>) = 0 [pid 5996] <... close resumed>) = 0 [ 182.934231][ T6002] UDF-fs: Scanning with blocksize 512 failed [ 182.947743][ T6000] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 182.951978][ T6004] loop4: detected capacity change from 0 to 2048 [pid 6001] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5996] close(5 [pid 6004] <... ioctl resumed>) = 0 [pid 6003] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6002] <... mount resumed>) = 0 [pid 6001] <... open resumed>) = 4 [pid 6000] <... mount resumed>) = 0 [pid 6004] close(3 [pid 6001] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6004] <... close resumed>) = 0 [pid 6002] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6001] <... mount resumed>) = 0 [pid 6000] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6004] mkdir("\x2e\x02", 0777 [pid 6002] <... openat resumed>) = 3 [pid 6001] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6004] <... mkdir resumed>) = 0 [pid 6002] chdir("\x2e\x02" [pid 6001] <... open resumed>) = 5 [pid 6000] <... openat resumed>) = 3 [pid 5996] <... close resumed>) = 0 [pid 6001] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6004] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6001] ftruncate(-1, 2 [pid 6002] <... chdir resumed>) = 0 [pid 6001] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6000] chdir("\x2e\x02" [pid 5996] exit_group(0 [ 182.983073][ T6002] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 183.003797][ T6003] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 183.016181][ T6004] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 183.023867][ T6004] UDF-fs: Scanning with blocksize 512 failed [pid 6002] ioctl(4, LOOP_CLR_FD [pid 6001] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6000] <... chdir resumed>) = 0 [pid 5996] <... exit_group resumed>) = ? [pid 6002] <... ioctl resumed>) = 0 [pid 6001] <... mmap resumed>) = 0x20000000 [pid 6002] close(4 [pid 6001] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6000] ioctl(4, LOOP_CLR_FD [pid 5996] +++ exited with 0 +++ [pid 6002] <... close resumed>) = 0 [pid 6001] <... open resumed>) = -1 EFAULT (Bad address) [pid 6000] <... ioctl resumed>) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 6002] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6001] memfd_create("syzkaller", 0 [pid 6000] close(4 [pid 6002] <... open resumed>) = 4 [pid 6001] <... memfd_create resumed>) = 6 [pid 6000] <... close resumed>) = 0 [pid 6002] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6000] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6002] <... mount resumed>) = 0 [pid 6001] <... mmap resumed>) = 0x7f362c399000 [pid 6002] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6000] <... open resumed>) = 4 [pid 6002] <... open resumed>) = 5 [pid 6000] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [ 183.030860][ T6003] UDF-fs: Scanning with blocksize 512 failed [pid 6002] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6002] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6000] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6002] ftruncate(-1, 2 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6000] <... open resumed>) = 5 [pid 6002] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6000] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6002] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6000] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5014] <... openat resumed>) = 3 [pid 6002] <... mmap resumed>) = 0x20000000 [pid 6000] ftruncate(-1, 2 [pid 5014] newfstatat(3, "", [pid 6002] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6000] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6002] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6000] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] getdents64(3, [pid 6002] memfd_create("syzkaller", 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 6000] <... mmap resumed>) = 0x20000000 [pid 5014] umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6002] <... memfd_create resumed>) = 6 [pid 6000] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6000] memfd_create("syzkaller", 0 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6000] <... memfd_create resumed>) = 6 [pid 6001] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] <... umount2 resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x7f362c399000 [pid 5014] umount2("./156/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./156/bus") = 0 [pid 5014] umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./156/binderfs") = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] close(4) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x35\x36\x2f\x2e\x02") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./156") = 0 [pid 5014] mkdir("./157", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [ 183.078760][ T6003] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 183.117743][ T6004] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] close(3 [pid 6003] <... mount resumed>) = 0 [pid 6003] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] <... close resumed>) = 0 [pid 6003] <... openat resumed>) = 3 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6003] chdir("\x2e\x02") = 0 [pid 6003] ioctl(4, LOOP_CLR_FD [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6005 ./strace-static-x86_64: Process 6005 attached [pid 6003] <... ioctl resumed>) = 0 [pid 6005] set_robust_list(0x555557506760, 24 [pid 6003] close(4 [pid 6004] <... mount resumed>) = 0 [pid 6003] <... close resumed>) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6004] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6005] chdir("./157" [pid 6003] <... open resumed>) = 4 [pid 6002] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6005] <... chdir resumed>) = 0 [pid 6004] <... openat resumed>) = 3 [pid 6003] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6000] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] chdir("\x2e\x02" [pid 6003] <... mount resumed>) = 0 [pid 6005] setpgid(0, 0 [pid 6004] <... chdir resumed>) = 0 [pid 6003] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6005] <... setpgid resumed>) = 0 [pid 6004] ioctl(4, LOOP_CLR_FD [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6004] <... ioctl resumed>) = 0 [pid 6003] <... open resumed>) = 5 [pid 6005] <... openat resumed>) = 3 [pid 6004] close(4 [pid 6003] openat(AT_FDCWD, NULL, O_RDWR [pid 6005] write(3, "1000", 4 [pid 6004] <... close resumed>) = 0 [pid 6005] <... write resumed>) = 4 [pid 6004] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6003] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6005] close(3 [pid 6004] <... open resumed>) = 4 [pid 6003] ftruncate(-1, 2 [pid 6005] <... close resumed>) = 0 [pid 6004] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6003] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6005] symlink("/dev/binderfs", "./binderfs" [pid 6004] <... mount resumed>) = 0 [pid 6003] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6001] <... write resumed>) = 2097152 [pid 6005] <... symlink resumed>) = 0 [pid 6004] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6003] <... mmap resumed>) = 0x20000000 [pid 6005] memfd_create("syzkaller", 0 [pid 6004] openat(AT_FDCWD, NULL, O_RDWR [pid 6003] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6005] <... memfd_create resumed>) = 3 [pid 6004] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6003] <... open resumed>) = -1 EFAULT (Bad address) [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6004] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6004] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6003] memfd_create("syzkaller", 0 [pid 6005] <... mmap resumed>) = 0x7f3634699000 [pid 6004] <... mmap resumed>) = 0x20000000 [pid 6003] <... memfd_create resumed>) = 6 [pid 6004] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6004] memfd_create("syzkaller", 0) = 6 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6001] munmap(0x7f362c399000, 2097152) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 6001] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6001] ioctl(7, LOOP_CLR_FD) = 0 [pid 6001] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6001] close(7) = 0 [pid 6001] close(6 [pid 6002] <... write resumed>) = 2097152 [pid 6001] <... close resumed>) = 0 [pid 6000] <... write resumed>) = 2097152 [pid 6002] munmap(0x7f362c399000, 2097152 [pid 6000] munmap(0x7f362c399000, 2097152 [pid 6004] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6002] <... munmap resumed>) = 0 [pid 6000] <... munmap resumed>) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6002] <... openat resumed>) = 7 [pid 6000] <... openat resumed>) = 7 [pid 6005] <... write resumed>) = 1048576 [pid 6002] ioctl(7, LOOP_SET_FD, 6 [pid 6000] ioctl(7, LOOP_SET_FD, 6 [pid 6005] munmap(0x7f3634699000, 1048576 [pid 6002] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6000] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6002] ioctl(7, LOOP_CLR_FD [pid 6000] ioctl(7, LOOP_CLR_FD [pid 6005] <... munmap resumed>) = 0 [pid 6002] <... ioctl resumed>) = 0 [pid 6000] <... ioctl resumed>) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6001] exit_group(0 [pid 6005] <... openat resumed>) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3 [pid 6001] <... exit_group resumed>) = ? [pid 6005] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6001] +++ exited with 0 +++ [pid 6005] ioctl(4, LOOP_CLR_FD) = 0 [pid 6002] ioctl(7, LOOP_SET_FD, 6 [pid 6000] ioctl(7, LOOP_SET_FD, 6 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 6002] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6000] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6002] close(7 [pid 6000] close(7 [pid 6002] <... close resumed>) = 0 [pid 6000] <... close resumed>) = 0 [pid 5015] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6002] close(6 [pid 6000] close(6 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6005] ioctl(4, LOOP_SET_FD, 3 [pid 6000] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6005] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... openat resumed>) = 3 [pid 6005] close(4 [pid 5015] newfstatat(3, "", [pid 6005] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6005] close(3 [pid 5015] getdents64(3, [pid 6005] <... close resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./161/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6005] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6004] <... write resumed>) = 2097152 [pid 6002] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6005] <... open resumed>) = 3 [pid 6002] exit_group(0 [pid 6005] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6002] <... exit_group resumed>) = ? [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6005] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", [pid 6005] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6005] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6005] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6005] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 6004] munmap(0x7f362c399000, 2097152 [pid 5015] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6005] <... mmap resumed>) = 0x20000000 [pid 6005] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6005] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5015] newfstatat(4, "", [pid 6005] memfd_create("syzkaller", 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6005] <... memfd_create resumed>) = 5 [pid 5015] getdents64(4, [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6002] +++ exited with 0 +++ [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6005] <... mmap resumed>) = 0x7f362c399000 [pid 6004] <... munmap resumed>) = 0 [pid 5015] getdents64(4, [pid 6000] exit_group(0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] close(4) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x31\x2f\x2e\x02") = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3 [pid 6004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6000] <... exit_group resumed>) = ? [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5015] <... close resumed>) = 0 [pid 6004] <... openat resumed>) = 7 [pid 5017] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] rmdir("./161" [pid 6004] ioctl(7, LOOP_SET_FD, 6 [pid 6000] +++ exited with 0 +++ [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... rmdir resumed>) = 0 [pid 6004] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5015] mkdir("./162", 0777 [pid 6004] ioctl(7, LOOP_CLR_FD [pid 5017] <... openat resumed>) = 3 [pid 5015] <... mkdir resumed>) = 0 [pid 6004] <... ioctl resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6003] <... write resumed>) = 2097152 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 6003] munmap(0x7f362c399000, 2097152 [pid 5017] getdents64(3, [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6004] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6004] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] <... munmap resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6006 attached [pid 6005] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6004] close(7 [pid 6003] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 3 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6006 [pid 6004] <... close resumed>) = 0 [pid 6003] <... openat resumed>) = 7 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(3, "", [pid 6004] close(6 [pid 6003] ioctl(7, LOOP_SET_FD, 6 [pid 5017] newfstatat(AT_FDCWD, "./160/binderfs", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6004] <... close resumed>) = 0 [pid 6003] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6006] set_robust_list(0x555557506760, 24 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] getdents64(3, [pid 6006] <... set_robust_list resumed>) = 0 [pid 6003] ioctl(7, LOOP_CLR_FD [pid 5017] unlink("./160/binderfs" [pid 6006] chdir("./162" [pid 6003] <... ioctl resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... unlink resumed>) = 0 [pid 6006] <... chdir resumed>) = 0 [pid 6005] <... write resumed>) = 2097152 [pid 6004] exit_group(0 [pid 5017] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6005] munmap(0x7f362c399000, 2097152 [pid 6004] <... exit_group resumed>) = ? [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6006] <... prctl resumed>) = 0 [pid 6005] <... munmap resumed>) = 0 [pid 6004] +++ exited with 0 +++ [pid 5017] <... umount2 resumed>) = 0 [pid 5016] newfstatat(AT_FDCWD, "./159/binderfs", [pid 6006] setpgid(0, 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6003] ioctl(7, LOOP_SET_FD, 6 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5017] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6006] <... setpgid resumed>) = 0 [pid 6005] <... openat resumed>) = 6 [pid 6003] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] unlink("./159/binderfs" [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6005] ioctl(6, LOOP_SET_FD, 5 [pid 6003] close(7 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", [pid 6006] <... openat resumed>) = 3 [pid 6005] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6003] <... close resumed>) = 0 [pid 5018] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 6006] write(3, "1000", 4 [pid 6005] ioctl(6, LOOP_CLR_FD [pid 6003] close(6 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] <... write resumed>) = 4 [pid 6005] <... ioctl resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5017] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] close(4) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x36\x30\x2f\x2e\x02" [pid 6006] close(3 [pid 6003] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 6006] <... close resumed>) = 0 [pid 6003] exit_group(0 [pid 5018] <... openat resumed>) = 3 [pid 5017] getdents64(3, [pid 5016] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] symlink("/dev/binderfs", "./binderfs" [pid 6005] ioctl(6, LOOP_SET_FD, 5 [pid 6003] <... exit_group resumed>) = ? [pid 5018] newfstatat(3, "", [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6006] <... symlink resumed>) = 0 [pid 6005] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] close(3 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 6005] close(6 [pid 6003] +++ exited with 0 +++ [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6006] memfd_create("syzkaller", 0 [pid 6005] <... close resumed>) = 0 [pid 5018] getdents64(3, [pid 5017] rmdir("./160" [pid 6006] <... memfd_create resumed>) = 3 [pid 6005] close(5 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] mkdir("./161", 0777 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", [pid 5019] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] getdents64(4, [pid 5019] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... openat resumed>) = 3 [pid 5016] getdents64(4, [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] newfstatat(3, "", [pid 5018] newfstatat(AT_FDCWD, "./164/binderfs", [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] close(4 [pid 5019] getdents64(3, [pid 5018] unlink("./164/binderfs" [pid 5016] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... unlink resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02" [pid 5019] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... openat resumed>) = 3 [pid 5016] <... rmdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] getdents64(3, [pid 5019] newfstatat(AT_FDCWD, "./165/binderfs", [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] close(3 [pid 5016] close(3 [pid 5019] unlink("./165/binderfs" [pid 5017] <... close resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 5019] <... unlink resumed>) = 0 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] rmdir("./159" [pid 5019] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 6006] <... write resumed>) = 1048576 [pid 6005] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6007 [pid 5016] mkdir("./160", 0777 [pid 6006] munmap(0x7f3634699000, 1048576 [pid 6005] exit_group(0 [pid 5019] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... mkdir resumed>) = 0 [pid 6006] <... munmap resumed>) = 0 [pid 6005] <... exit_group resumed>) = ? [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6006] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", [pid 5016] <... openat resumed>) = 3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5019] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6006] <... openat resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] close(3./strace-static-x86_64: Process 6007 attached [pid 6006] ioctl(4, LOOP_SET_FD, 3 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... close resumed>) = 0 [pid 6007] set_robust_list(0x555557506760, 24 [pid 5019] <... openat resumed>) = 4 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6007] <... set_robust_list resumed>) = 0 [pid 5019] newfstatat(4, "", [pid 6007] chdir("./161" [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6008 [pid 6007] <... chdir resumed>) = 0 [pid 5019] getdents64(4, [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6007] <... prctl resumed>) = 0 [pid 6006] <... ioctl resumed>) = 0 [pid 5019] getdents64(4, [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6007] setpgid(0, 0 [pid 6006] close(3 [pid 6005] +++ exited with 0 +++ [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6008 attached [pid 6007] <... setpgid resumed>) = 0 [pid 6006] <... close resumed>) = 0 [pid 5019] close(4 [pid 5018] <... openat resumed>) = 4 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6006] mkdir("\x2e\x02", 0777 [pid 5019] <... close resumed>) = 0 [pid 5018] newfstatat(4, "", [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [pid 6008] set_robust_list(0x555557506760, 24 [pid 6007] <... openat resumed>) = 3 [pid 6006] <... mkdir resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 6008] <... set_robust_list resumed>) = 0 [pid 6007] write(3, "1000", 4 [pid 6006] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5019] <... rmdir resumed>) = 0 [pid 5018] getdents64(4, [pid 5014] <... restart_syscall resumed>) = 0 [pid 6008] chdir("./160" [pid 6007] <... write resumed>) = 4 [pid 5019] getdents64(3, [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6008] <... chdir resumed>) = 0 [pid 6007] close(3 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6007] <... close resumed>) = 0 [pid 5019] close(3 [pid 6007] symlink("/dev/binderfs", "./binderfs" [pid 5019] <... close resumed>) = 0 [pid 6008] <... prctl resumed>) = 0 [pid 6007] <... symlink resumed>) = 0 [pid 5019] rmdir("./165" [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6008] setpgid(0, 0 [pid 6007] memfd_create("syzkaller", 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] close(4 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6008] <... setpgid resumed>) = 0 [pid 6007] <... memfd_create resumed>) = 3 [pid 5019] mkdir("./166", 0777 [pid 5018] <... close resumed>) = 0 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... mkdir resumed>) = 0 [pid 6007] <... mmap resumed>) = 0x7f3634699000 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... openat resumed>) = 3 [pid 5018] rmdir("\x2e\x2f\x31\x36\x34\x2f\x2e\x02" [pid 5014] openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6008] <... openat resumed>) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] <... rmdir resumed>) = 0 [pid 6008] write(3, "1000", 4 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 183.576986][ T6006] loop1: detected capacity change from 0 to 2048 [ 183.598325][ T6006] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 183.610962][ T6006] UDF-fs: Scanning with blocksize 512 failed [pid 5018] getdents64(3, [pid 5014] <... openat resumed>) = 3 [pid 6008] <... write resumed>) = 4 [pid 6007] <... write resumed>) = 1048576 [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6008] close(3 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6009 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] newfstatat(3, "", ./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x555557506760, 24) = 0 [pid 6009] chdir("./166") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6008] <... close resumed>) = 0 [pid 5018] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6008] symlink("/dev/binderfs", "./binderfs" [pid 5018] <... close resumed>) = 0 [pid 5014] getdents64(3, [pid 6009] <... openat resumed>) = 3 [pid 6008] <... symlink resumed>) = 0 [pid 5018] rmdir("./164" [pid 6009] write(3, "1000", 4 [pid 6008] memfd_create("syzkaller", 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6009] <... write resumed>) = 4 [pid 6008] <... memfd_create resumed>) = 3 [pid 5018] <... rmdir resumed>) = 0 [pid 5014] umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6009] close(3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] mkdir("./165", 0777 [pid 6009] <... close resumed>) = 0 [pid 6008] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... umount2 resumed>) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs" [pid 5018] <... mkdir resumed>) = 0 [pid 6009] <... symlink resumed>) = 0 [pid 6007] munmap(0x7f3634699000, 1048576 [pid 6009] memfd_create("syzkaller", 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] umount2("./157/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6009] <... memfd_create resumed>) = 3 [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6007] <... munmap resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6007] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6009] <... mmap resumed>) = 0x7f3634699000 [pid 6007] <... openat resumed>) = 4 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 183.627096][ T6006] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] newfstatat(AT_FDCWD, "./157/bus", [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6007] ioctl(4, LOOP_SET_FD, 3 [pid 5018] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6008] <... write resumed>) = 1048576 [pid 6006] <... mount resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] unlink("./157/bus") = 0 [pid 6006] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6010 [pid 5014] umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6006] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6010 attached [pid 6008] munmap(0x7f3634699000, 1048576 [pid 6006] chdir("\x2e\x02" [pid 5014] newfstatat(AT_FDCWD, "./157/binderfs", [pid 6010] set_robust_list(0x555557506760, 24) = 0 [pid 6008] <... munmap resumed>) = 0 [pid 6006] <... chdir resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6010] chdir("./165" [pid 6008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6006] ioctl(4, LOOP_CLR_FD [pid 5014] unlink("./157/binderfs" [pid 6010] <... chdir resumed>) = 0 [pid 6008] <... openat resumed>) = 4 [pid 6006] <... ioctl resumed>) = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6008] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... unlink resumed>) = 0 [pid 6010] <... prctl resumed>) = 0 [pid 6006] close(4 [pid 6007] <... ioctl resumed>) = 0 [pid 6007] close(3) = 0 [pid 6007] mkdir("\x2e\x02", 0777) = 0 [pid 6007] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6008] <... ioctl resumed>) = 0 [pid 5014] getdents64(3, [pid 6010] setpgid(0, 0 [pid 6006] <... close resumed>) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6010] <... setpgid resumed>) = 0 [pid 6008] close(3 [pid 6006] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6009] <... write resumed>) = 1048576 [pid 5014] close(3 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 183.669274][ T6007] loop3: detected capacity change from 0 to 2048 [ 183.705543][ T6008] loop2: detected capacity change from 0 to 2048 [pid 5014] <... close resumed>) = 0 [pid 6010] write(3, "1000", 4 [pid 6008] <... close resumed>) = 0 [pid 6006] <... open resumed>) = 4 [pid 5014] rmdir("./157" [pid 6010] <... write resumed>) = 4 [pid 6006] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6010] close(3 [pid 5014] <... rmdir resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 6009] munmap(0x7f3634699000, 1048576 [pid 6008] mkdir("\x2e\x02", 0777 [pid 6006] <... mount resumed>) = 0 [pid 5014] mkdir("./158", 0777 [pid 6010] symlink("/dev/binderfs", "./binderfs" [pid 6006] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6009] <... munmap resumed>) = 0 [pid 6008] <... mkdir resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 6010] <... symlink resumed>) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6008] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6006] <... open resumed>) = 5 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6010] memfd_create("syzkaller", 0 [pid 6009] <... openat resumed>) = 4 [pid 6006] openat(AT_FDCWD, NULL, O_RDWR [pid 6010] <... memfd_create resumed>) = 3 [pid 6009] ioctl(4, LOOP_SET_FD, 3 [pid 6006] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5014] <... openat resumed>) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6006] ftruncate(-1, 2 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 6010] <... mmap resumed>) = 0x7f3634699000 [pid 6006] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6006] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] close(3 [pid 6006] <... mmap resumed>) = 0x20000000 [pid 6006] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5014] <... close resumed>) = 0 [pid 6006] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6011 [pid 6009] <... ioctl resumed>) = 0 [pid 6009] close(3) = 0 [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6009] mkdir("\x2e\x02", 0777) = 0 [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6009] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [ 183.722473][ T6007] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 183.746244][ T6009] loop5: detected capacity change from 0 to 2048 [ 183.753584][ T6008] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 183.755743][ T6007] UDF-fs: Scanning with blocksize 512 failed [pid 6006] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6011 attached ) = 6 [pid 6011] set_robust_list(0x555557506760, 24 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6006] <... mmap resumed>) = 0x7f362c399000 [pid 6011] chdir("./158" [pid 6010] <... write resumed>) = 1048576 [pid 6006] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6011] <... chdir resumed>) = 0 [pid 6006] exit_group(0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6010] munmap(0x7f3634699000, 1048576 [pid 6006] <... exit_group resumed>) = ? [pid 6011] <... prctl resumed>) = 0 [pid 6011] setpgid(0, 0 [pid 6010] <... munmap resumed>) = 0 [pid 6006] +++ exited with 0 +++ [pid 6011] <... setpgid resumed>) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6010] <... openat resumed>) = 4 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 6011] <... openat resumed>) = 3 [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 5015] <... restart_syscall resumed>) = 0 [ 183.804072][ T6009] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 183.825768][ T6008] UDF-fs: Scanning with blocksize 512 failed [pid 6011] write(3, "1000", 4 [pid 5015] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] <... write resumed>) = 4 [pid 5015] <... openat resumed>) = 3 [pid 6011] close(3 [pid 5015] newfstatat(3, "", [pid 6011] <... close resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs" [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./162/binderfs", [pid 6011] <... symlink resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6011] memfd_create("syzkaller", 0 [pid 5015] unlink("./162/binderfs" [pid 6011] <... memfd_create resumed>) = 3 [pid 5015] <... unlink resumed>) = 0 [ 183.859065][ T6010] loop4: detected capacity change from 0 to 2048 [ 183.869271][ T6009] UDF-fs: Scanning with blocksize 512 failed [ 183.876595][ T6008] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] <... mmap resumed>) = 0x7f3634699000 [pid 6010] <... ioctl resumed>) = 0 [pid 6010] close(3 [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6010] <... close resumed>) = 0 [pid 6010] mkdir("\x2e\x02", 0777) = 0 [ 183.902508][ T6007] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] <... umount2 resumed>) = 0 [pid 6010] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6008] <... mount resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", [pid 6007] <... mount resumed>) = 0 [pid 6007] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("\x2e\x02") = 0 [pid 6007] ioctl(4, LOOP_CLR_FD [pid 6008] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6007] <... ioctl resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6011] <... write resumed>) = 1048576 [pid 6007] close(4) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] munmap(0x7f3634699000, 1048576 [pid 6007] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6008] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... munmap resumed>) = 0 [pid 6008] chdir("\x2e\x02" [pid 6007] <... open resumed>) = 4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6008] <... chdir resumed>) = 0 [pid 6007] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6011] <... openat resumed>) = 4 [pid 6008] ioctl(4, LOOP_CLR_FD [pid 6007] <... mount resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3 [pid 6008] <... ioctl resumed>) = 0 [ 183.946356][ T6009] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 183.968680][ T6010] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 183.978248][ T6010] UDF-fs: Scanning with blocksize 512 failed [pid 6007] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] newfstatat(4, "", [pid 6007] <... open resumed>) = 5 [pid 6008] close(4 [pid 6007] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6008] <... close resumed>) = 0 [pid 6007] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] getdents64(4, [pid 6008] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6007] ftruncate(-1, 2 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6007] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6007] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] getdents64(4, [pid 6008] <... open resumed>) = 4 [pid 6007] <... mmap resumed>) = 0x20000000 [pid 6008] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6009] <... mount resumed>) = 0 [pid 6007] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6009] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6007] <... open resumed>) = -1 EFAULT (Bad address) [pid 6011] <... ioctl resumed>) = 0 [pid 6009] <... openat resumed>) = 3 [pid 6008] <... mount resumed>) = 0 [pid 5015] close(4 [pid 6011] close(3 [pid 6009] chdir("\x2e\x02" [pid 5015] <... close resumed>) = 0 [pid 6011] <... close resumed>) = 0 [pid 6010] <... mount resumed>) = 0 [pid 6009] <... chdir resumed>) = 0 [pid 6008] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 6011] mkdir("\x2e\x02", 0777 [pid 6010] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6009] ioctl(4, LOOP_CLR_FD [pid 6008] <... open resumed>) = 5 [pid 6010] <... openat resumed>) = 3 [pid 6009] <... ioctl resumed>) = 0 [pid 6008] openat(AT_FDCWD, NULL, O_RDWR [pid 6010] chdir("\x2e\x02" [pid 6009] close(4) = 0 [pid 6008] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6011] <... mkdir resumed>) = 0 [pid 6009] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] <... rmdir resumed>) = 0 [pid 6011] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 6010] <... chdir resumed>) = 0 [pid 6009] <... open resumed>) = 4 [pid 6008] ftruncate(-1, 2 [pid 5015] getdents64(3, [pid 6010] ioctl(4, LOOP_CLR_FD [pid 6009] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6008] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6010] <... ioctl resumed>) = 0 [pid 6009] <... mount resumed>) = 0 [ 184.004248][ T6011] loop0: detected capacity change from 0 to 2048 [ 184.024818][ T6010] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.026987][ T6007] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 6008] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6010] close(4 [pid 6009] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6010] <... close resumed>) = 0 [pid 6009] <... open resumed>) = 5 [pid 6008] <... mmap resumed>) = 0x20000000 [pid 5015] close(3 [pid 6010] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6008] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] <... close resumed>) = 0 [pid 6008] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] rmdir("./162" [pid 6010] <... open resumed>) = 4 [pid 5015] <... rmdir resumed>) = 0 [pid 6010] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] mkdir("./163", 0777 [pid 6010] <... mount resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 6010] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6010] <... open resumed>) = 5 [pid 6009] openat(AT_FDCWD, NULL, O_RDWR [pid 6008] memfd_create("syzkaller", 0 [pid 6007] memfd_create("syzkaller", 0 [pid 5015] <... openat resumed>) = 3 [pid 6010] openat(AT_FDCWD, NULL, O_RDWR [pid 6009] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6008] <... memfd_create resumed>) = 6 [pid 6007] <... memfd_create resumed>) = 6 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6010] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6009] ftruncate(-1, 2 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6010] ftruncate(-1, 2 [pid 6009] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] close(3 [pid 6010] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6009] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6008] <... mmap resumed>) = 0x7f362c399000 [pid 6007] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... close resumed>) = 0 [pid 6010] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6010] <... mmap resumed>) = 0x20000000 [pid 6009] <... mmap resumed>) = 0x20000000 [pid 6010] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6012 [pid 6010] <... open resumed>) = -1 EFAULT (Bad address) [pid 6010] memfd_create("syzkaller", 0 [pid 6009] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6010] <... memfd_create resumed>) = 6 [pid 6009] <... open resumed>) = -1 EFAULT (Bad address) [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6009] memfd_create("syzkaller", 0) = 6 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6012 attached ) = 0x7f362c399000 [pid 6012] set_robust_list(0x555557506760, 24) = 0 [pid 6012] chdir("./163") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [ 184.088544][ T6011] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 184.101761][ T6011] UDF-fs: Scanning with blocksize 512 failed [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6010] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6012] <... write resumed>) = 1048576 [pid 6008] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6007] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6009] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6012] munmap(0x7f3634699000, 1048576) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3 [pid 6010] <... write resumed>) = 2097152 [pid 6012] <... ioctl resumed>) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("\x2e\x02", 0777) = 0 [pid 6008] <... write resumed>) = 2097152 [pid 6007] <... write resumed>) = 2097152 [pid 6012] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6010] munmap(0x7f362c399000, 2097152 [pid 6009] <... write resumed>) = 2097152 [pid 6008] munmap(0x7f362c399000, 2097152 [ 184.213574][ T6012] loop1: detected capacity change from 0 to 2048 [pid 6007] munmap(0x7f362c399000, 2097152 [pid 6010] <... munmap resumed>) = 0 [pid 6009] munmap(0x7f362c399000, 2097152 [pid 6008] <... munmap resumed>) = 0 [pid 6007] <... munmap resumed>) = 0 [pid 6009] <... munmap resumed>) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6007] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6009] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6008] <... openat resumed>) = 7 [pid 6007] <... openat resumed>) = 7 [pid 6009] <... openat resumed>) = 7 [pid 6008] ioctl(7, LOOP_SET_FD, 6 [pid 6007] ioctl(7, LOOP_SET_FD, 6 [pid 6010] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6009] ioctl(7, LOOP_SET_FD, 6 [pid 6008] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6007] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6010] <... openat resumed>) = 7 [pid 6009] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6008] ioctl(7, LOOP_CLR_FD [pid 6007] ioctl(7, LOOP_CLR_FD [pid 6010] ioctl(7, LOOP_SET_FD, 6 [pid 6009] ioctl(7, LOOP_CLR_FD [pid 6008] <... ioctl resumed>) = 0 [pid 6007] <... ioctl resumed>) = 0 [pid 6010] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6009] <... ioctl resumed>) = 0 [pid 6010] ioctl(7, LOOP_CLR_FD) = 0 [pid 6009] ioctl(7, LOOP_SET_FD, 6 [pid 6008] ioctl(7, LOOP_SET_FD, 6 [pid 6007] ioctl(7, LOOP_SET_FD, 6 [pid 6009] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6008] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6007] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 184.260970][ T6012] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 184.269047][ T6011] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 184.276749][ T6012] UDF-fs: Scanning with blocksize 512 failed [ 184.284165][ T6011] UDF-fs: Scanning with blocksize 1024 failed [ 184.294019][ T6012] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.303722][ T6011] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 6010] ioctl(7, LOOP_SET_FD, 6 [pid 6009] close(7 [pid 6008] close(7 [pid 6007] close(7 [pid 6010] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6009] <... close resumed>) = 0 [pid 6008] <... close resumed>) = 0 [pid 6007] <... close resumed>) = 0 [pid 6010] close(7 [pid 6009] close(6 [pid 6008] close(6 [pid 6007] close(6 [pid 6012] <... mount resumed>) = 0 [pid 6010] <... close resumed>) = 0 [pid 6008] <... close resumed>) = 0 [pid 6007] <... close resumed>) = 0 [pid 6012] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6010] close(6 [pid 6012] <... openat resumed>) = 3 [pid 6011] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6010] <... close resumed>) = 0 [pid 6009] <... close resumed>) = 0 [pid 6012] chdir("\x2e\x02" [pid 6011] ioctl(4, LOOP_CLR_FD [pid 6012] <... chdir resumed>) = 0 [pid 6011] <... ioctl resumed>) = 0 [pid 6012] ioctl(4, LOOP_CLR_FD [pid 6011] close(4 [pid 6012] <... ioctl resumed>) = 0 [pid 6011] <... close resumed>) = 0 [pid 6008] exit_group(0 [pid 6012] close(4 [pid 6011] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6008] <... exit_group resumed>) = ? [pid 6007] exit_group(0 [pid 6009] exit_group(0) = ? [pid 6008] +++ exited with 0 +++ [pid 6012] <... close resumed>) = 0 [pid 6007] <... exit_group resumed>) = ? [pid 6012] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6011] <... open resumed>) = 3 [pid 6009] +++ exited with 0 +++ [pid 6007] +++ exited with 0 +++ [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6012] <... open resumed>) = 4 [pid 6011] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6012] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6011] <... mount resumed>) = 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 6012] <... mount resumed>) = 0 [pid 6011] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6010] exit_group(0 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 6012] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6011] <... open resumed>) = 4 [pid 6010] <... exit_group resumed>) = ? [pid 5019] <... restart_syscall resumed>) = 0 [pid 6012] <... open resumed>) = 5 [pid 6011] openat(AT_FDCWD, NULL, O_RDWR [pid 6010] +++ exited with 0 +++ [pid 6012] openat(AT_FDCWD, NULL, O_RDWR [pid 6011] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5016] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6012] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6011] ftruncate(-1, 2 [pid 5019] umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6012] ftruncate(-1, 2 [pid 6011] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6012] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6011] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... openat resumed>) = 3 [pid 6012] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6011] <... mmap resumed>) = 0x20000000 [pid 5019] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] newfstatat(3, "", [pid 6012] <... mmap resumed>) = 0x20000000 [pid 6011] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] newfstatat(3, "", [pid 5017] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6012] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6011] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(3, "", [pid 5016] getdents64(3, [pid 6012] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] getdents64(3, [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] getdents64(3, [pid 5016] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 184.311919][ T6011] UDF-fs: Scanning with blocksize 2048 failed [ 184.324826][ T6011] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 184.332239][ T6011] UDF-fs: Scanning with blocksize 4096 failed [pid 5017] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(AT_FDCWD, "./160/binderfs", [pid 6012] memfd_create("syzkaller", 0 [pid 6011] memfd_create("syzkaller", 0 [pid 5019] newfstatat(AT_FDCWD, "./166/binderfs", [pid 5018] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6012] <... memfd_create resumed>) = 6 [pid 6011] <... memfd_create resumed>) = 5 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] newfstatat(3, "", [pid 5017] newfstatat(AT_FDCWD, "./161/binderfs", [pid 5016] unlink("./160/binderfs" [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] unlink("./166/binderfs" [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 6012] <... mmap resumed>) = 0x7f362c399000 [pid 6011] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... unlink resumed>) = 0 [pid 5018] getdents64(3, [pid 5017] unlink("./161/binderfs" [pid 5016] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... unlink resumed>) = 0 [pid 5016] <... umount2 resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... umount2 resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", [pid 5018] newfstatat(AT_FDCWD, "./165/binderfs", [pid 5017] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("\x2e\x2f\x31\x36\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] unlink("./165/binderfs" [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... unlink resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... openat resumed>) = 4 [pid 5019] <... openat resumed>) = 4 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(4, "", [pid 5019] newfstatat(4, "", [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5016] getdents64(4, [pid 5019] getdents64(4, [pid 5017] newfstatat(4, "", [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5019] getdents64(4, [pid 5017] getdents64(4, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] close(4 [pid 5019] close(4 [pid 5017] getdents64(4, [pid 5016] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x30\x2f\x2e\x02" [pid 5019] rmdir("\x2e\x2f\x31\x36\x36\x2f\x2e\x02" [pid 5017] close(4 [pid 5016] <... rmdir resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] getdents64(3, [pid 5019] getdents64(3, [pid 5017] rmdir("\x2e\x2f\x31\x36\x31\x2f\x2e\x02" [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6012] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] close(3 [pid 5019] close(3 [pid 5018] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(3, [pid 5016] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] rmdir("./160" [pid 5019] rmdir("./166" [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", [pid 5017] close(3 [pid 5016] <... rmdir resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] mkdir("./161", 0777 [pid 5019] mkdir("./167", 0777 [pid 5018] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] rmdir("./161" [pid 5016] <... mkdir resumed>) = 0 [pid 6011] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... mkdir resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... rmdir resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] mkdir("./162", 0777 [pid 5016] <... openat resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 4 [pid 5017] <... mkdir resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5018] newfstatat(4, "", [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5016] close(3 [pid 5019] close(3 [pid 5018] getdents64(4, [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] getdents64(4, [pid 5017] close(3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6013 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6014 [pid 5018] close(4 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... close resumed>) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02" [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6015 [pid 5018] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, ./strace-static-x86_64: Process 6014 attached 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3 [pid 6014] set_robust_list(0x555557506760, 24 [pid 5018] <... close resumed>) = 0 [pid 6014] <... set_robust_list resumed>) = 0 [pid 5018] rmdir("./165"./strace-static-x86_64: Process 6013 attached [pid 6014] chdir("./167" [pid 5018] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6015 attached [pid 6014] <... chdir resumed>) = 0 [pid 6013] set_robust_list(0x555557506760, 24 [pid 5018] mkdir("./166", 0777 [pid 6015] set_robust_list(0x555557506760, 24 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6013] <... set_robust_list resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 6015] <... set_robust_list resumed>) = 0 [pid 6014] <... prctl resumed>) = 0 [pid 6013] chdir("./161" [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6015] chdir("./162" [pid 6014] setpgid(0, 0 [pid 6013] <... chdir resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 6015] <... chdir resumed>) = 0 [pid 6014] <... setpgid resumed>) = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5018] ioctl(3, LOOP_CLR_FD [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6013] <... prctl resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6015] <... prctl resumed>) = 0 [pid 6014] <... openat resumed>) = 3 [pid 6013] setpgid(0, 0 [pid 5018] close(3 [pid 6015] setpgid(0, 0 [pid 6014] write(3, "1000", 4 [pid 6013] <... setpgid resumed>) = 0 [pid 5018] <... close resumed>) = 0 [pid 6015] <... setpgid resumed>) = 0 [pid 6014] <... write resumed>) = 4 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6014] close(3 [pid 6013] <... openat resumed>) = 3 [pid 6015] <... openat resumed>) = 3 [pid 6014] <... close resumed>) = 0 [pid 6013] write(3, "1000", 4 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6016 [pid 6015] write(3, "1000", 4 [pid 6014] symlink("/dev/binderfs", "./binderfs" [pid 6013] <... write resumed>) = 4 [pid 6015] <... write resumed>) = 4 [pid 6014] <... symlink resumed>) = 0 [pid 6013] close(3 [pid 6015] close(3 [pid 6014] memfd_create("syzkaller", 0 [pid 6013] <... close resumed>) = 0 [pid 6015] <... close resumed>) = 0 [pid 6014] <... memfd_create resumed>) = 3 [pid 6013] symlink("/dev/binderfs", "./binderfs" [pid 6015] symlink("/dev/binderfs", "./binderfs" [pid 6013] <... symlink resumed>) = 0 [pid 6015] <... symlink resumed>) = 0 [pid 6013] memfd_create("syzkaller", 0 [pid 6015] memfd_create("syzkaller", 0 [pid 6013] <... memfd_create resumed>) = 3 [pid 6015] <... memfd_create resumed>) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6013] <... mmap resumed>) = 0x7f3634699000 [pid 6015] <... mmap resumed>) = 0x7f3634699000 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 6016 attached [pid 6015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6014] <... mmap resumed>) = 0x7f3634699000 [pid 6012] <... write resumed>) = 2097152 [pid 6011] <... write resumed>) = 2097152 [pid 6016] set_robust_list(0x555557506760, 24) = 0 [pid 6011] munmap(0x7f362c399000, 2097152 [pid 6016] chdir("./166" [pid 6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6016] <... chdir resumed>) = 0 [pid 6013] <... write resumed>) = 1048576 [pid 6012] munmap(0x7f362c399000, 2097152 [pid 6011] <... munmap resumed>) = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6016] write(3, "1000", 4) = 4 [pid 6011] <... openat resumed>) = 6 [pid 6016] close(3 [pid 6015] <... write resumed>) = 1048576 [pid 6011] ioctl(6, LOOP_SET_FD, 5 [pid 6016] <... close resumed>) = 0 [pid 6012] <... munmap resumed>) = 0 [pid 6011] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] symlink("/dev/binderfs", "./binderfs" [pid 6012] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6011] ioctl(6, LOOP_CLR_FD [pid 6016] <... symlink resumed>) = 0 [pid 6012] <... openat resumed>) = 7 [pid 6011] <... ioctl resumed>) = 0 [pid 6016] memfd_create("syzkaller", 0 [pid 6012] ioctl(7, LOOP_SET_FD, 6 [pid 6016] <... memfd_create resumed>) = 3 [pid 6012] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6012] ioctl(7, LOOP_CLR_FD [pid 6016] <... mmap resumed>) = 0x7f3634699000 [pid 6012] <... ioctl resumed>) = 0 [pid 6011] ioctl(6, LOOP_SET_FD, 5 [pid 6015] munmap(0x7f3634699000, 1048576 [pid 6013] munmap(0x7f3634699000, 1048576 [pid 6015] <... munmap resumed>) = 0 [pid 6013] <... munmap resumed>) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6013] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6015] <... openat resumed>) = 4 [pid 6011] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6015] ioctl(4, LOOP_SET_FD, 3 [pid 6013] <... openat resumed>) = 4 [pid 6011] close(6 [pid 6015] <... ioctl resumed>) = 0 [pid 6013] ioctl(4, LOOP_SET_FD, 3 [pid 6011] <... close resumed>) = 0 [pid 6016] <... write resumed>) = 1048576 [pid 6014] <... write resumed>) = 1048576 [pid 6013] <... ioctl resumed>) = 0 [pid 6012] ioctl(7, LOOP_SET_FD, 6 [pid 6011] close(5 [pid 6016] munmap(0x7f3634699000, 1048576 [pid 6014] munmap(0x7f3634699000, 1048576 [pid 6012] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6016] <... munmap resumed>) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3 [pid 6014] <... munmap resumed>) = 0 [pid 6012] close(7 [pid 6011] <... close resumed>) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6012] <... close resumed>) = 0 [pid 6011] exit_group(0 [pid 6014] <... openat resumed>) = 4 [pid 6012] close(6 [pid 6011] <... exit_group resumed>) = ? [pid 6014] ioctl(4, LOOP_SET_FD, 3 [pid 6015] close(3 [pid 6013] close(3 [pid 6015] <... close resumed>) = 0 [pid 6013] <... close resumed>) = 0 [pid 6015] mkdir("\x2e\x02", 0777 [pid 6013] mkdir("\x2e\x02", 0777 [pid 6015] <... mkdir resumed>) = 0 [pid 6013] <... mkdir resumed>) = 0 [pid 6015] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6013] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6014] <... ioctl resumed>) = 0 [pid 6011] +++ exited with 0 +++ [pid 6014] close(3 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 6014] <... close resumed>) = 0 [pid 6012] <... close resumed>) = 0 [pid 6014] mkdir("\x2e\x02", 0777 [pid 5014] umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6016] <... ioctl resumed>) = 0 [pid 6014] <... mkdir resumed>) = 0 [ 184.567391][ T6015] loop3: detected capacity change from 0 to 2048 [ 184.575811][ T6013] loop2: detected capacity change from 0 to 2048 [ 184.588759][ T6016] loop4: detected capacity change from 0 to 2048 [ 184.604815][ T6014] loop5: detected capacity change from 0 to 2048 [pid 6012] exit_group(0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6016] close(3 [pid 6014] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6012] <... exit_group resumed>) = ? [pid 5014] openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6016] <... close resumed>) = 0 [pid 6016] mkdir("\x2e\x02", 0777) = 0 [pid 6016] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 5014] <... openat resumed>) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 5014] umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 184.622764][ T6013] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 184.640534][ T6015] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 184.642357][ T6014] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 184.650196][ T6013] UDF-fs: Scanning with blocksize 512 failed [pid 5014] umount2("./158/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6012] +++ exited with 0 +++ [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./158/bus", [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=9 /* 0.09 s */} --- [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] unlink("./158/bus" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... unlink resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5014] umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(3, "", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] newfstatat(AT_FDCWD, "./158/binderfs", [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] unlink("./158/binderfs" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./163/binderfs", [pid 5014] <... unlink resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] unlink("./163/binderfs" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... unlink resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("\x2e\x2f\x31\x35\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] close(4) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x35\x38\x2f\x2e\x02") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./158") = 0 [pid 5014] mkdir("./159", 0777) = 0 [ 184.668478][ T6016] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 184.685136][ T6015] UDF-fs: Scanning with blocksize 512 failed [ 184.686642][ T6016] UDF-fs: Scanning with blocksize 512 failed [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6015] <... mount resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 6015] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... openat resumed>) = 3 [pid 6015] <... openat resumed>) = 3 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] chdir("\x2e\x02" [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", [pid 5014] ioctl(3, LOOP_CLR_FD [pid 6015] <... chdir resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6015] ioctl(4, LOOP_CLR_FD [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6015] <... ioctl resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] close(3 [pid 6015] close(4 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... close resumed>) = 0 [pid 6015] <... open resumed>) = 4 [pid 5015] <... openat resumed>) = 4 [pid 6015] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] newfstatat(4, "", [pid 6015] <... mount resumed>) = 0 [pid 6015] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6015] <... open resumed>) = 5 [pid 5015] getdents64(4, [pid 6015] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6017 [pid 6015] ftruncate(-1, 2 [pid 5015] getdents64(4, [pid 6015] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6015] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] close(4./strace-static-x86_64: Process 6017 attached [pid 6015] <... mmap resumed>) = 0x20000000 [pid 5015] <... close resumed>) = 0 [pid 6017] set_robust_list(0x555557506760, 24 [pid 6015] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] rmdir("\x2e\x2f\x31\x36\x33\x2f\x2e\x02" [pid 6017] <... set_robust_list resumed>) = 0 [pid 6015] <... open resumed>) = -1 EFAULT (Bad address) [pid 5015] <... rmdir resumed>) = 0 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6017] chdir("./159" [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5015] getdents64(3, [pid 6017] <... chdir resumed>) = 0 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6014] <... mount resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6014] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] close(3 [pid 6017] setpgid(0, 0 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6014] <... openat resumed>) = 3 [pid 6013] <... mount resumed>) = 0 [ 184.714656][ T6015] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.719871][ T6013] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.733505][ T6014] UDF-fs: Scanning with blocksize 512 failed [ 184.750824][ T6014] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5015] <... close resumed>) = 0 [pid 6017] <... setpgid resumed>) = 0 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6014] chdir("\x2e\x02" [pid 6013] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] rmdir("./163" [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6014] <... chdir resumed>) = 0 [pid 6013] <... openat resumed>) = 3 [pid 6013] chdir("\x2e\x02" [pid 6017] <... openat resumed>) = 3 [pid 5015] <... rmdir resumed>) = 0 [pid 6017] write(3, "1000", 4 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 6014] ioctl(4, LOOP_CLR_FD [pid 6013] <... chdir resumed>) = 0 [pid 5015] mkdir("./164", 0777 [pid 6017] <... write resumed>) = 4 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 6014] <... ioctl resumed>) = 0 [pid 6013] ioctl(4, LOOP_CLR_FD [pid 6017] close(3 [pid 6015] memfd_create("syzkaller", 0 [pid 6014] close(4 [pid 6013] <... ioctl resumed>) = 0 [pid 5015] <... mkdir resumed>) = 0 [pid 6017] <... close resumed>) = 0 [pid 6015] <... memfd_create resumed>) = 6 [pid 6014] <... close resumed>) = 0 [pid 6013] close(4 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6017] symlink("/dev/binderfs", "./binderfs" [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6014] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6013] <... close resumed>) = 0 [pid 6013] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5015] <... openat resumed>) = 3 [pid 6017] <... symlink resumed>) = 0 [pid 6015] <... mmap resumed>) = 0x7f362c399000 [pid 6017] memfd_create("syzkaller", 0 [pid 6014] <... open resumed>) = 4 [pid 6013] <... open resumed>) = 4 [pid 6015] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6017] <... memfd_create resumed>) = 3 [pid 6015] exit_group(0 [pid 6014] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6013] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6015] <... exit_group resumed>) = ? [pid 6014] <... mount resumed>) = 0 [pid 6013] <... mount resumed>) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6017] <... mmap resumed>) = 0x7f3634699000 [pid 6013] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6015] +++ exited with 0 +++ [pid 6014] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6013] <... open resumed>) = 5 [pid 5015] close(3 [pid 6013] openat(AT_FDCWD, NULL, O_RDWR [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5015] <... close resumed>) = 0 [pid 6014] <... open resumed>) = 5 [pid 6013] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6016] <... mount resumed>) = 0 [pid 6014] openat(AT_FDCWD, NULL, O_RDWR [pid 6013] ftruncate(-1, 2 [pid 5017] <... restart_syscall resumed>) = 0 [pid 6016] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6013] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6014] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6016] <... openat resumed>) = 3 [pid 6014] ftruncate(-1, 2 [pid 6013] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6018 [pid 6016] chdir("\x2e\x02" [pid 6014] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6013] <... mmap resumed>) = 0x20000000 [pid 5017] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6016] <... chdir resumed>) = 0 [pid 6014] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6013] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6016] ioctl(4, LOOP_CLR_FD [pid 6014] <... mmap resumed>) = 0x20000000 [pid 6013] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6016] <... ioctl resumed>) = 0 [pid 6014] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5017] <... openat resumed>) = 3 [pid 6016] close(4 [pid 6014] <... open resumed>) = -1 EFAULT (Bad address) [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5017] newfstatat(3, "", ./strace-static-x86_64: Process 6018 attached [pid 6016] <... close resumed>) = 0 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6018] set_robust_list(0x555557506760, 24 [pid 6016] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5017] getdents64(3, [pid 6018] <... set_robust_list resumed>) = 0 [pid 6016] <... open resumed>) = 4 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6018] chdir("./164" [pid 6016] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5017] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... chdir resumed>) = 0 [pid 6016] <... mount resumed>) = 0 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6016] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5017] newfstatat(AT_FDCWD, "./162/binderfs", [pid 6018] <... prctl resumed>) = 0 [pid 6016] <... open resumed>) = 5 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6018] setpgid(0, 0 [pid 6016] openat(AT_FDCWD, NULL, O_RDWR [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [ 184.767401][ T6016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6013] memfd_create("syzkaller", 0 [pid 5017] unlink("./162/binderfs" [pid 6018] <... setpgid resumed>) = 0 [pid 6016] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 6013] <... memfd_create resumed>) = 6 [pid 5017] <... unlink resumed>) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6016] ftruncate(-1, 2 [pid 6014] memfd_create("syzkaller", 0 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... openat resumed>) = 3 [pid 6016] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6014] <... memfd_create resumed>) = 6 [pid 6013] <... mmap resumed>) = 0x7f362c399000 [pid 6018] write(3, "1000", 4 [pid 6016] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6018] <... write resumed>) = 4 [pid 6017] <... write resumed>) = 1048576 [pid 6016] <... mmap resumed>) = 0x20000000 [pid 6014] <... mmap resumed>) = 0x7f362c399000 [pid 6013] exit_group(0 [pid 6018] close(3 [pid 6017] munmap(0x7f3634699000, 1048576 [pid 6016] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6013] <... exit_group resumed>) = ? [pid 5017] <... umount2 resumed>) = 0 [pid 6018] <... close resumed>) = 0 [pid 6017] <... munmap resumed>) = 0 [pid 6016] <... open resumed>) = -1 EFAULT (Bad address) [pid 6014] exit_group(0 [pid 6013] +++ exited with 0 +++ [pid 5017] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] symlink("/dev/binderfs", "./binderfs" [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6014] <... exit_group resumed>) = ? [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6018] <... symlink resumed>) = 0 [pid 6017] <... openat resumed>) = 4 [pid 6016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 6018] memfd_create("syzkaller", 0 [pid 6017] ioctl(4, LOOP_SET_FD, 3 [pid 6016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6014] +++ exited with 0 +++ [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... restart_syscall resumed>) = 0 [pid 6018] <... memfd_create resumed>) = 3 [pid 6016] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5017] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] <... mmap resumed>) = 0x7f3634699000 [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... restart_syscall resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(4, "", [pid 5016] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5019] umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(4, [pid 5016] newfstatat(3, "", [pid 6018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6017] <... ioctl resumed>) = 0 [pid 5019] openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] getdents64(4, [pid 5016] getdents64(3, [pid 6017] close(3 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] newfstatat(3, "", [pid 5017] close(4 [pid 5016] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6017] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6017] mkdir("\x2e\x02", 0777 [pid 5019] getdents64(3, [pid 5017] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 5016] newfstatat(AT_FDCWD, "./161/binderfs", [pid 6017] <... mkdir resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6017] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5019] umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(3, [pid 5016] unlink("./161/binderfs" [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "./167/binderfs", [pid 5017] close(3 [pid 5016] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... close resumed>) = 0 [pid 5019] unlink("./167/binderfs" [pid 5017] rmdir("./162" [pid 5019] <... unlink resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] mkdir("./163", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 184.853603][ T6017] loop0: detected capacity change from 0 to 2048 [ 184.855889][ T6016] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5017] close(3 [pid 6018] <... write resumed>) = 1048576 [pid 5017] <... close resumed>) = 0 [pid 6018] munmap(0x7f3634699000, 1048576 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... umount2 resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6019 [pid 5016] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6018] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x36\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... openat resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6018] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... openat resumed>) = 4 [pid 6018] <... openat resumed>) = 4 [pid 5019] getdents64(4, [pid 5016] newfstatat(4, "", ./strace-static-x86_64: Process 6019 attached [pid 6018] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6019] set_robust_list(0x555557506760, 24 [pid 6016] memfd_create("syzkaller", 0 [pid 5019] getdents64(4, [pid 5016] getdents64(4, [pid 6019] <... set_robust_list resumed>) = 0 [pid 6016] <... memfd_create resumed>) = 6 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6019] chdir("./163" [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] close(4 [pid 5016] getdents64(4, [pid 6019] <... chdir resumed>) = 0 [pid 6016] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... close resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] rmdir("\x2e\x2f\x31\x36\x37\x2f\x2e\x02" [pid 5016] close(4 [pid 6019] <... prctl resumed>) = 0 [pid 6018] <... ioctl resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 6019] setpgid(0, 0 [pid 6018] close(3 [pid 5019] getdents64(3, [pid 5016] rmdir("\x2e\x2f\x31\x36\x31\x2f\x2e\x02" [pid 6019] <... setpgid resumed>) = 0 [pid 6018] <... close resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6018] mkdir("\x2e\x02", 0777 [pid 5019] close(3 [pid 5016] getdents64(3, [pid 6019] <... openat resumed>) = 3 [pid 5019] <... close resumed>) = 0 [pid 6018] <... mkdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6019] write(3, "1000", 4 [pid 6018] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5019] rmdir("./167" [pid 5016] close(3 [pid 6019] <... write resumed>) = 4 [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 6019] close(3 [ 184.902909][ T6017] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 184.918335][ T6017] UDF-fs: Scanning with blocksize 512 failed [ 184.930712][ T6018] loop1: detected capacity change from 0 to 2048 [pid 5019] mkdir("./168", 0777 [pid 5016] rmdir("./161" [pid 6019] <... close resumed>) = 0 [pid 5019] <... mkdir resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs" [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5016] mkdir("./162", 0777 [pid 6019] <... symlink resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5016] <... mkdir resumed>) = 0 [pid 6019] memfd_create("syzkaller", 0 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6019] <... memfd_create resumed>) = 3 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... openat resumed>) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] close(3 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6019] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... close resumed>) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] close(3) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6020 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 6021 ./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x555557506760, 24) = 0 [pid 6020] chdir("./168") = 0 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6021 attached ) = 0 [pid 6020] setpgid(0, 0 [pid 6021] set_robust_list(0x555557506760, 24 [pid 6020] <... setpgid resumed>) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6020] write(3, "1000", 4) = 4 [pid 6020] close(3 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6020] <... close resumed>) = 0 [pid 6017] <... mount resumed>) = 0 [pid 6021] chdir("./162" [pid 6020] symlink("/dev/binderfs", "./binderfs" [pid 6017] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6021] <... chdir resumed>) = 0 [pid 6020] <... symlink resumed>) = 0 [pid 6017] <... openat resumed>) = 3 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6020] memfd_create("syzkaller", 0 [pid 6017] chdir("\x2e\x02" [pid 6021] <... prctl resumed>) = 0 [pid 6020] <... memfd_create resumed>) = 3 [pid 6017] <... chdir resumed>) = 0 [ 184.957850][ T6018] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 184.984583][ T6017] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.998166][ T6018] UDF-fs: Scanning with blocksize 512 failed [pid 6016] munmap(0x7f362c399000, 138412032 [pid 6021] setpgid(0, 0 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6017] ioctl(4, LOOP_CLR_FD [pid 6016] <... munmap resumed>) = 0 [pid 6020] <... mmap resumed>) = 0x7f3634699000 [pid 6019] <... write resumed>) = 1048576 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6019] munmap(0x7f3634699000, 1048576 [pid 6021] <... setpgid resumed>) = 0 [pid 6017] <... ioctl resumed>) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6019] <... munmap resumed>) = 0 [pid 6017] close(4 [pid 6016] close(6 [pid 6019] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6016] <... close resumed>) = 0 [pid 6019] <... openat resumed>) = 4 [pid 6016] exit_group(0 [pid 6021] <... openat resumed>) = 3 [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 6017] <... close resumed>) = 0 [pid 6016] <... exit_group resumed>) = ? [pid 6021] write(3, "1000", 4 [pid 6017] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6016] +++ exited with 0 +++ [pid 6021] <... write resumed>) = 4 [pid 6017] <... open resumed>) = 4 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 6021] close(3 [pid 6017] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6021] <... close resumed>) = 0 [pid 6018] <... mount resumed>) = 0 [pid 6017] <... mount resumed>) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs" [pid 6020] <... write resumed>) = 1048576 [pid 6018] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6017] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6021] <... symlink resumed>) = 0 [pid 6018] <... openat resumed>) = 3 [pid 6017] <... open resumed>) = 5 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] memfd_create("syzkaller", 0 [pid 6018] chdir("\x2e\x02" [pid 6017] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6021] <... memfd_create resumed>) = 3 [pid 6018] <... chdir resumed>) = 0 [pid 6017] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... openat resumed>) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6018] ioctl(4, LOOP_CLR_FD [pid 6017] ftruncate(-1, 2 [pid 5018] newfstatat(3, "", [pid 6021] <... mmap resumed>) = 0x7f3634699000 [pid 6018] <... ioctl resumed>) = 0 [pid 6017] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6019] <... ioctl resumed>) = 0 [pid 6018] close(4 [pid 6017] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] unlink("./166/binderfs" [pid 6019] close(3 [pid 6018] <... close resumed>) = 0 [pid 6017] <... mmap resumed>) = 0x20000000 [pid 5018] <... unlink resumed>) = 0 [pid 6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6019] <... close resumed>) = 0 [pid 6018] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6017] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [ 185.015174][ T6018] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.031823][ T6019] loop3: detected capacity change from 0 to 2048 [pid 5018] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6019] mkdir("\x2e\x02", 0777 [pid 6018] <... open resumed>) = 4 [pid 6017] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... umount2 resumed>) = 0 [pid 6019] <... mkdir resumed>) = 0 [pid 6018] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6017] memfd_create("syzkaller", 0 [pid 6020] munmap(0x7f3634699000, 1048576 [pid 6019] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6018] <... mount resumed>) = 0 [pid 6017] <... memfd_create resumed>) = 6 [pid 5018] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] <... munmap resumed>) = 0 [pid 6018] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6018] <... open resumed>) = 5 [pid 6017] <... mmap resumed>) = 0x7f362c399000 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", [pid 6020] <... openat resumed>) = 4 [pid 6018] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 5018] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6021] <... write resumed>) = 1048576 [pid 6018] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6021] munmap(0x7f3634699000, 1048576 [pid 6018] ftruncate(-1, 2 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6021] <... munmap resumed>) = 0 [pid 6018] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... openat resumed>) = 4 [pid 6021] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6018] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, [pid 6018] <... mmap resumed>) = 0x20000000 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6021] <... openat resumed>) = 4 [pid 6018] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] close(4 [pid 6021] ioctl(4, LOOP_SET_FD, 3 [pid 6018] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... close resumed>) = 0 [ 185.084626][ T6019] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 185.107392][ T6019] UDF-fs: Scanning with blocksize 512 failed [ 185.117236][ T6020] loop5: detected capacity change from 0 to 2048 [pid 5018] rmdir("\x2e\x2f\x31\x36\x36\x2f\x2e\x02" [pid 6018] memfd_create("syzkaller", 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3) = 0 [pid 5018] rmdir("./166") = 0 [pid 5018] mkdir("./167", 0777 [pid 6018] <... memfd_create resumed>) = 6 [pid 5018] <... mkdir resumed>) = 0 [pid 6020] <... ioctl resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6020] close(3 [pid 5018] <... openat resumed>) = 3 [pid 6020] <... close resumed>) = 0 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 6020] mkdir("\x2e\x02", 0777 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6020] <... mkdir resumed>) = 0 [pid 5018] close(3 [pid 6020] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... close resumed>) = 0 [pid 6021] <... ioctl resumed>) = 0 [pid 6018] <... mmap resumed>) = 0x7f362c399000 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6021] close(3) = 0 [pid 6017] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] mkdir("\x2e\x02", 0777 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6022 [pid 6021] <... mkdir resumed>) = 0 [ 185.135759][ T6021] loop2: detected capacity change from 0 to 2048 [ 185.159107][ T6019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6021] mount("/dev/loop2", "\x2e\x02", "udf", 0, ""./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x555557506760, 24) = 0 [pid 6022] chdir("./167") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] memfd_create("syzkaller", 0) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6019] <... mount resumed>) = 0 [pid 6019] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("\x2e\x02") = 0 [ 185.180511][ T6020] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 185.194996][ T6021] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 185.216527][ T6020] UDF-fs: Scanning with blocksize 512 failed [pid 6019] ioctl(4, LOOP_CLR_FD) = 0 [pid 6019] close(4) = 0 [pid 6019] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6019] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6019] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6019] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6019] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6019] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6019] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6019] memfd_create("syzkaller", 0) = 6 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6018] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6022] <... write resumed>) = 1048576 [pid 6022] munmap(0x7f3634699000, 1048576 [pid 6017] <... write resumed>) = 2097152 [pid 6022] <... munmap resumed>) = 0 [ 185.249241][ T6021] UDF-fs: Scanning with blocksize 512 failed [ 185.288157][ T6020] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6017] munmap(0x7f362c399000, 2097152 [pid 6022] ioctl(4, LOOP_SET_FD, 3 [pid 6017] <... munmap resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 7 [pid 6017] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6017] ioctl(7, LOOP_CLR_FD) = 0 [pid 6021] <... mount resumed>) = 0 [pid 6021] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [ 185.320606][ T6021] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.336967][ T6022] loop4: detected capacity change from 0 to 2048 [pid 6017] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6021] <... openat resumed>) = 3 [pid 6017] close(7 [pid 6021] chdir("\x2e\x02" [pid 6017] <... close resumed>) = 0 [pid 6022] <... ioctl resumed>) = 0 [pid 6021] <... chdir resumed>) = 0 [pid 6017] close(6 [pid 6022] close(3 [pid 6020] <... mount resumed>) = 0 [pid 6022] <... close resumed>) = 0 [pid 6020] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6022] mkdir("\x2e\x02", 0777 [pid 6020] <... openat resumed>) = 3 [pid 6022] <... mkdir resumed>) = 0 [pid 6020] chdir("\x2e\x02" [pid 6022] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6020] <... chdir resumed>) = 0 [pid 6020] ioctl(4, LOOP_CLR_FD [pid 6021] ioctl(4, LOOP_CLR_FD [pid 6020] <... ioctl resumed>) = 0 [pid 6021] <... ioctl resumed>) = 0 [pid 6020] close(4 [pid 6021] close(4 [pid 6020] <... close resumed>) = 0 [pid 6021] <... close resumed>) = 0 [pid 6020] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6021] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6020] <... open resumed>) = 4 [pid 6018] <... write resumed>) = 2097152 [pid 6021] <... open resumed>) = 4 [pid 6020] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6018] munmap(0x7f362c399000, 2097152 [pid 6021] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6020] <... mount resumed>) = 0 [pid 6018] <... munmap resumed>) = 0 [pid 6021] <... mount resumed>) = 0 [pid 6020] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6019] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6020] <... open resumed>) = 5 [pid 6017] <... close resumed>) = 0 [pid 6021] <... open resumed>) = 5 [pid 6020] openat(AT_FDCWD, NULL, O_RDWR [pid 6021] openat(AT_FDCWD, NULL, O_RDWR [pid 6020] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6017] exit_group(0 [pid 6021] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6020] ftruncate(-1, 2 [pid 6018] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6021] ftruncate(-1, 2 [pid 6020] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6018] <... openat resumed>) = 7 [pid 6017] <... exit_group resumed>) = ? [pid 6021] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6020] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6018] ioctl(7, LOOP_SET_FD, 6 [pid 6021] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6020] <... mmap resumed>) = 0x20000000 [pid 6018] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6017] +++ exited with 0 +++ [pid 6021] <... mmap resumed>) = 0x20000000 [pid 6020] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6018] ioctl(7, LOOP_CLR_FD [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6021] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6020] <... open resumed>) = -1 EFAULT (Bad address) [pid 6018] <... ioctl resumed>) = 0 [pid 6021] <... open resumed>) = -1 EFAULT (Bad address) [pid 6020] memfd_create("syzkaller", 0) = 6 [pid 6021] memfd_create("syzkaller", 0 [ 185.403603][ T6022] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6021] <... memfd_create resumed>) = 6 [pid 6020] <... mmap resumed>) = 0x7f362c399000 [pid 6018] ioctl(7, LOOP_SET_FD, 6 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6018] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6021] <... mmap resumed>) = 0x7f362c399000 [pid 6018] close(7) = 0 [pid 6018] close(6) = 0 [pid 5014] umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./159/binderfs") = 0 [pid 6018] exit_group(0 [ 185.454483][ T6022] UDF-fs: Scanning with blocksize 512 failed [pid 5014] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 5015] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6019] <... write resumed>) = 2097152 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = 0 [pid 6021] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2081160 [pid 6020] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2090960 [pid 5015] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5015] newfstatat(3, "", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", [pid 5015] getdents64(3, [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6019] munmap(0x7f362c399000, 2097152 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("\x2e\x2f\x31\x35\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] <... munmap resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x35\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] newfstatat(AT_FDCWD, "./164/binderfs", [pid 5014] <... openat resumed>) = 4 [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(4, "", [pid 5015] unlink("./164/binderfs" [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 5014] getdents64(4, [pid 5015] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, [pid 6019] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6019] <... openat resumed>) = 7 [pid 5014] close(4 [pid 6019] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... close resumed>) = 0 [pid 6019] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6019] ioctl(7, LOOP_CLR_FD) = 0 [pid 6019] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [ 185.532204][ T6022] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] rmdir("\x2e\x2f\x31\x35\x39\x2f\x2e\x02" [pid 6019] close(7) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 6019] close(6 [pid 5015] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] getdents64(3, [pid 6022] <... mount resumed>) = 0 [pid 6019] <... close resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6022] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6022] <... openat resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] close(3 [pid 6022] chdir("\x2e\x02" [pid 5015] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... close resumed>) = 0 [pid 6022] <... chdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] rmdir("./159" [pid 6022] ioctl(4, LOOP_CLR_FD [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6022] <... ioctl resumed>) = 0 [pid 5014] <... rmdir resumed>) = 0 [pid 6022] close(4 [pid 5015] <... openat resumed>) = 4 [pid 5014] mkdir("./160", 0777 [pid 6022] <... close resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 6022] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... mkdir resumed>) = 0 [pid 6022] <... open resumed>) = 4 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6022] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5015] getdents64(4, [pid 6022] <... mount resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 6022] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 6022] <... open resumed>) = 5 [pid 5015] getdents64(4, [pid 6022] openat(AT_FDCWD, NULL, O_RDWR [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] <... ioctl resumed>) = 0 [pid 6022] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5015] close(4 [pid 5014] close(3 [pid 6022] ftruncate(-1, 2 [pid 6019] exit_group(0 [pid 5015] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 6022] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6019] <... exit_group resumed>) = ? [pid 6022] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6019] +++ exited with 0 +++ [pid 6022] <... mmap resumed>) = 0x20000000 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 6022] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6022] memfd_create("syzkaller", 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x34\x2f\x2e\x02" [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6022] <... memfd_create resumed>) = 6 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] <... rmdir resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f362c399000 [pid 5017] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6023 [pid 5017] <... openat resumed>) = 3 [pid 5015] close(3 [pid 6021] <... write resumed>) = 2081160 [pid 6020] <... write resumed>) = 2090960 [pid 5017] newfstatat(3, "", [pid 5015] <... close resumed>) = 0 ./strace-static-x86_64: Process 6023 attached [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6021] munmap(0x7f362c399000, 2081160 [pid 5015] rmdir("./164" [pid 6023] set_robust_list(0x555557506760, 24 [pid 5017] getdents64(3, [pid 6023] <... set_robust_list resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... rmdir resumed>) = 0 [pid 6023] chdir("./160" [pid 5017] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] mkdir("./165", 0777 [pid 6023] <... chdir resumed>) = 0 [pid 6021] <... munmap resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6020] munmap(0x7f362c399000, 2090960 [pid 5017] newfstatat(AT_FDCWD, "./163/binderfs", [pid 5015] <... mkdir resumed>) = 0 [pid 6023] <... prctl resumed>) = 0 [pid 6020] <... munmap resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6021] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6023] setpgid(0, 0 [pid 5017] unlink("./163/binderfs" [pid 6023] <... setpgid resumed>) = 0 [pid 6021] <... openat resumed>) = 7 [pid 5017] <... unlink resumed>) = 0 [pid 5015] <... openat resumed>) = 3 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6021] ioctl(7, LOOP_SET_FD, 6 [pid 5017] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6023] <... openat resumed>) = 3 [pid 6021] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6023] write(3, "1000", 4 [pid 6021] ioctl(7, LOOP_CLR_FD [pid 5015] close(3 [pid 6023] <... write resumed>) = 4 [pid 6022] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6021] <... ioctl resumed>) = 0 [pid 5017] <... umount2 resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 6023] close(3 [pid 6020] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6023] <... close resumed>) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs" [pid 6020] <... openat resumed>) = 7 [pid 6023] <... symlink resumed>) = 0 [pid 6020] ioctl(7, LOOP_SET_FD, 6 [pid 6023] memfd_create("syzkaller", 0 [pid 6020] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6023] <... memfd_create resumed>) = 3 [pid 6020] ioctl(7, LOOP_CLR_FD [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6020] <... ioctl resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6023] <... mmap resumed>) = 0x7f3634699000 [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5017] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6021] ioctl(7, LOOP_SET_FD, 6 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6024 [pid 6021] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6020] ioctl(7, LOOP_SET_FD, 6 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", ./strace-static-x86_64: Process 6024 attached [pid 6023] <... write resumed>) = 1048576 [pid 6021] close(7 [pid 6020] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6024] set_robust_list(0x555557506760, 24 [pid 6021] <... close resumed>) = 0 [pid 6020] close(7 [pid 6024] <... set_robust_list resumed>) = 0 [pid 6021] close(6 [pid 6020] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] close(6 [pid 6024] chdir("./165" [pid 6021] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... chdir resumed>) = 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5017] newfstatat(4, "", [pid 6024] <... prctl resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6024] setpgid(0, 0 [pid 5017] getdents64(4, [pid 6024] <... setpgid resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] getdents64(4, [pid 6024] <... openat resumed>) = 3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6024] write(3, "1000", 4 [pid 5017] close(4 [pid 6024] <... write resumed>) = 4 [pid 5017] <... close resumed>) = 0 [pid 6024] close(3 [pid 5017] rmdir("\x2e\x2f\x31\x36\x33\x2f\x2e\x02" [pid 6024] <... close resumed>) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs" [pid 6020] <... close resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 6024] <... symlink resumed>) = 0 [pid 5017] getdents64(3, [pid 6024] memfd_create("syzkaller", 0 [pid 6020] exit_group(0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6024] <... memfd_create resumed>) = 3 [pid 6020] <... exit_group resumed>) = ? [pid 5017] close(3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6021] exit_group(0 [pid 6020] +++ exited with 0 +++ [pid 5017] <... close resumed>) = 0 [pid 6024] <... mmap resumed>) = 0x7f3634699000 [pid 6021] <... exit_group resumed>) = ? [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=3 /* 0.03 s */} --- [pid 5017] rmdir("./163" [pid 6021] +++ exited with 0 +++ [pid 6023] munmap(0x7f3634699000, 1048576 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 5019] umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] mkdir("./164", 0777 [pid 6023] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... mkdir resumed>) = 0 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6023] <... openat resumed>) = 4 [pid 5019] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 5019] newfstatat(3, "", [pid 6023] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6024] <... write resumed>) = 1048576 [pid 6023] ioctl(4, LOOP_CLR_FD [pid 5019] getdents64(3, [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] <... ioctl resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5019] umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] close(3 [pid 5016] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... close resumed>) = 0 [pid 5016] newfstatat(3, "", [pid 5019] newfstatat(AT_FDCWD, "./168/binderfs", [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6023] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] unlink("./168/binderfs" [pid 6023] close(4 [pid 5019] <... unlink resumed>) = 0 [pid 6023] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6023] close(3 [pid 6024] munmap(0x7f3634699000, 1048576 [pid 6023] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = 0 [pid 5016] getdents64(3, [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6025 [pid 5019] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 6025 attached [pid 6024] <... munmap resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] set_robust_list(0x555557506760, 24 [pid 6024] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6023] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] <... set_robust_list resumed>) = 0 [pid 6024] <... openat resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] newfstatat(AT_FDCWD, "./162/binderfs", [pid 6025] chdir("./164" [pid 6024] ioctl(4, LOOP_SET_FD, 3 [pid 6023] <... open resumed>) = 3 [pid 5019] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] <... chdir resumed>) = 0 [pid 6023] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6023] <... mount resumed>) = 0 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] unlink("./162/binderfs" [pid 6024] <... ioctl resumed>) = 0 [pid 6025] <... prctl resumed>) = 0 [pid 6023] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... openat resumed>) = 4 [pid 6025] setpgid(0, 0 [pid 6024] close(3 [pid 6023] <... open resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5016] <... unlink resumed>) = 0 [pid 6025] <... setpgid resumed>) = 0 [pid 6024] <... close resumed>) = 0 [pid 6023] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6023] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] getdents64(4, [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6024] mkdir("\x2e\x02", 0777 [pid 6023] ftruncate(-1, 2 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] <... openat resumed>) = 3 [pid 6024] <... mkdir resumed>) = 0 [pid 6023] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] getdents64(4, [pid 6025] write(3, "1000", 4 [pid 6024] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6023] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6025] <... write resumed>) = 4 [pid 6023] <... mmap resumed>) = 0x20000000 [pid 6022] <... write resumed>) = 2097152 [pid 5019] close(4 [pid 6025] close(3 [pid 6023] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6022] munmap(0x7f362c399000, 2097152 [pid 5019] <... close resumed>) = 0 [pid 6025] <... close resumed>) = 0 [pid 6023] <... open resumed>) = -1 EFAULT (Bad address) [pid 6022] <... munmap resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x36\x38\x2f\x2e\x02" [pid 6023] memfd_create("syzkaller", 0 [pid 5019] <... rmdir resumed>) = 0 [pid 6023] <... memfd_create resumed>) = 5 [pid 5019] getdents64(3, [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6025] symlink("/dev/binderfs", "./binderfs" [pid 6023] <... mmap resumed>) = 0x7f362c399000 [pid 5019] close(3 [pid 6025] <... symlink resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./168") = 0 [pid 5019] mkdir("./169", 0777 [pid 6025] memfd_create("syzkaller", 0 [pid 5019] <... mkdir resumed>) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6025] <... memfd_create resumed>) = 3 [pid 6022] <... openat resumed>) = 7 [pid 5019] <... openat resumed>) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6022] ioctl(7, LOOP_SET_FD, 6 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 6025] <... mmap resumed>) = 0x7f3634699000 [pid 6022] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6022] ioctl(7, LOOP_CLR_FD [pid 5019] close(3 [pid 6022] <... ioctl resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 6026 [pid 5016] <... umount2 resumed>) = 0 [pid 6022] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6022] close(7) = 0 [pid 6022] close(6./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x555557506760, 24) = 0 [pid 6026] chdir("./169") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [ 185.828838][ T6024] loop1: detected capacity change from 0 to 2048 [ 185.855747][ T6024] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] <... close resumed>) = 0 [pid 6026] memfd_create("syzkaller", 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] <... memfd_create resumed>) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6026] <... mmap resumed>) = 0x7f3634699000 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 6022] exit_group(0 [pid 5016] <... rmdir resumed>) = 0 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6022] <... exit_group resumed>) = ? [pid 5016] getdents64(3, [pid 6022] +++ exited with 0 +++ [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5016] close(3) = 0 [pid 5016] rmdir("./162") = 0 [pid 6023] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] mkdir("./163", 0777 [pid 6025] <... write resumed>) = 1048576 [pid 5016] <... mkdir resumed>) = 0 [pid 6025] munmap(0x7f3634699000, 1048576 [pid 5018] umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6025] <... munmap resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... openat resumed>) = 3 [pid 6025] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6025] <... openat resumed>) = 4 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 185.922091][ T6024] UDF-fs: Scanning with blocksize 512 failed [pid 6025] ioctl(4, LOOP_SET_FD, 3 [pid 5018] newfstatat(3, "", [pid 5016] close(3 [pid 6025] <... ioctl resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... close resumed>) = 0 [pid 6026] <... write resumed>) = 1048576 [pid 5018] getdents64(3, [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6027 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./167/binderfs", [pid 6025] close(3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6025] <... close resumed>) = 0 [pid 5018] unlink("./167/binderfs" [pid 6025] mkdir("\x2e\x02", 0777 [pid 5018] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6027 attached [pid 5018] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6027] set_robust_list(0x555557506760, 24 [pid 6025] <... mkdir resumed>) = 0 [pid 6027] <... set_robust_list resumed>) = 0 [pid 6025] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6027] chdir("./163") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4 [pid 6026] munmap(0x7f3634699000, 1048576 [pid 6027] <... write resumed>) = 4 [pid 6026] <... munmap resumed>) = 0 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6026] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6026] <... openat resumed>) = 4 [ 185.966725][ T6025] loop3: detected capacity change from 0 to 2048 [ 185.975691][ T6024] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 185.998704][ T6025] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 6027] <... mmap resumed>) = 0x7f3634699000 [pid 6026] ioctl(4, LOOP_SET_FD, 3 [pid 6024] <... mount resumed>) = 0 [pid 6026] <... ioctl resumed>) = 0 [pid 6024] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("\x2e\x02") = 0 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6026] close(3) = 0 [pid 6026] mkdir("\x2e\x02", 0777 [pid 6024] ioctl(4, LOOP_CLR_FD [pid 5018] <... umount2 resumed>) = 0 [pid 6024] <... ioctl resumed>) = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] <... mkdir resumed>) = 0 [pid 6024] close(4 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6026] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6024] <... close resumed>) = 0 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", [pid 6024] <... open resumed>) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6024] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6024] <... mount resumed>) = 0 [pid 6023] <... write resumed>) = 2097152 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6027] <... write resumed>) = 1048576 [pid 6024] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6023] munmap(0x7f362c399000, 2097152 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6024] <... open resumed>) = 5 [pid 6023] <... munmap resumed>) = 0 [ 186.014711][ T6026] loop5: detected capacity change from 0 to 2048 [ 186.016088][ T6025] UDF-fs: Scanning with blocksize 512 failed [pid 5018] <... openat resumed>) = 4 [pid 6024] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] newfstatat(4, "", [pid 6024] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6024] ftruncate(-1, 2 [pid 5018] getdents64(4, [pid 6024] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6024] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] getdents64(4, [pid 6024] <... mmap resumed>) = 0x20000000 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6024] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6023] <... openat resumed>) = 6 [pid 5018] close(4 [pid 6024] <... open resumed>) = -1 EFAULT (Bad address) [pid 6023] ioctl(6, LOOP_SET_FD, 5 [pid 5018] <... close resumed>) = 0 [pid 6027] munmap(0x7f3634699000, 1048576 [pid 6023] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6027] <... munmap resumed>) = 0 [pid 6024] memfd_create("syzkaller", 0 [pid 6023] ioctl(6, LOOP_CLR_FD [pid 5018] rmdir("\x2e\x2f\x31\x36\x37\x2f\x2e\x02" [pid 6027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6025] <... mount resumed>) = 0 [pid 6024] <... memfd_create resumed>) = 6 [pid 6023] <... ioctl resumed>) = 0 [pid 6027] <... openat resumed>) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3 [pid 6025] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... rmdir resumed>) = 0 [pid 6025] <... openat resumed>) = 3 [pid 6024] <... mmap resumed>) = 0x7f362c399000 [pid 6023] ioctl(6, LOOP_SET_FD, 5 [pid 5018] getdents64(3, [pid 6025] chdir("\x2e\x02" [pid 6023] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6023] close(6) = 0 [pid 6023] close(5) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6023] exit_group(0) = ? [pid 6023] +++ exited with 0 +++ [ 186.070940][ T6025] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.071136][ T6026] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 186.098126][ T6026] UDF-fs: Scanning with blocksize 512 failed [ 186.100396][ T6027] loop2: detected capacity change from 0 to 2048 [pid 6027] <... ioctl resumed>) = 0 [pid 6025] <... chdir resumed>) = 0 [pid 5018] close(3 [pid 6025] ioctl(4, LOOP_CLR_FD [pid 5018] <... close resumed>) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=4 /* 0.04 s */} --- [pid 6025] <... ioctl resumed>) = 0 [pid 6025] close(4 [pid 5018] rmdir("./167" [pid 5014] restart_syscall(<... resuming interrupted clone ...> [pid 6025] <... close resumed>) = 0 [pid 6025] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... rmdir resumed>) = 0 [pid 5014] <... restart_syscall resumed>) = 0 [pid 5018] mkdir("./168", 0777 [pid 6027] close(3 [pid 6025] <... open resumed>) = 4 [pid 5018] <... mkdir resumed>) = 0 [pid 5014] umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6025] <... mount resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5014] openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6027] <... close resumed>) = 0 [pid 6025] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] ioctl(3, LOOP_CLR_FD [pid 6027] mkdir("\x2e\x02", 0777 [pid 6025] <... open resumed>) = 5 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] <... openat resumed>) = 3 [pid 6027] <... mkdir resumed>) = 0 [pid 6025] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] close(3 [pid 5014] newfstatat(3, "", [pid 6027] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6025] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6025] ftruncate(-1, 2 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5014] getdents64(3, [pid 6025] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6025] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6025] <... mmap resumed>) = 0x20000000 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6028 [pid 5014] umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000./strace-static-x86_64: Process 6028 attached ) = -1 EFAULT (Bad address) [pid 6024] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5014] <... umount2 resumed>) = 0 [pid 6028] set_robust_list(0x555557506760, 24 [ 186.132161][ T6026] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.161206][ T6027] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 6025] memfd_create("syzkaller", 0 [pid 6028] <... set_robust_list resumed>) = 0 [pid 6025] <... memfd_create resumed>) = 6 [pid 5014] umount2("./160/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6028] chdir("./168" [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] <... chdir resumed>) = 0 [pid 6025] <... mmap resumed>) = 0x7f362c399000 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] newfstatat(AT_FDCWD, "./160/bus", [pid 6028] <... prctl resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] setpgid(0, 0 [pid 6026] <... mount resumed>) = 0 [pid 5014] unlink("./160/bus" [pid 6028] <... setpgid resumed>) = 0 [pid 6026] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] <... unlink resumed>) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6028] <... openat resumed>) = 3 [pid 6026] <... openat resumed>) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6028] write(3, "1000", 4 [pid 5014] newfstatat(AT_FDCWD, "./160/binderfs", [pid 6028] <... write resumed>) = 4 [pid 6026] chdir("\x2e\x02" [pid 6028] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6028] <... close resumed>) = 0 [pid 6026] <... chdir resumed>) = 0 [pid 5014] unlink("./160/binderfs" [pid 6028] symlink("/dev/binderfs", "./binderfs" [pid 6026] ioctl(4, LOOP_CLR_FD) = 0 [pid 6028] <... symlink resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 6028] memfd_create("syzkaller", 0 [pid 6026] close(4 [pid 5014] getdents64(3, [pid 6028] <... memfd_create resumed>) = 3 [pid 6026] <... close resumed>) = 0 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6026] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6028] <... mmap resumed>) = 0x7f3634699000 [pid 6026] <... open resumed>) = 4 [pid 6025] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6024] <... write resumed>) = 2097152 [pid 5014] close(3 [pid 6026] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6026] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6026] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6026] ftruncate(-1, 2 [pid 6024] munmap(0x7f362c399000, 2097152 [pid 6026] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5014] <... close resumed>) = 0 [pid 6026] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6026] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6024] <... munmap resumed>) = 0 [pid 5014] rmdir("./160" [pid 6026] <... open resumed>) = -1 EFAULT (Bad address) [pid 6024] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6026] memfd_create("syzkaller", 0 [pid 6024] <... openat resumed>) = 7 [pid 5014] <... rmdir resumed>) = 0 [pid 6026] <... memfd_create resumed>) = 6 [ 186.184216][ T6027] UDF-fs: Scanning with blocksize 512 failed [ 186.205521][ T27] kauditd_printk_skb: 27 callbacks suppressed [ 186.205536][ T27] audit: type=1800 audit(1692541389.868:994): pid=6026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6024] ioctl(7, LOOP_SET_FD, 6 [pid 5014] mkdir("./161", 0777 [pid 6028] <... write resumed>) = 1048576 [pid 6024] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] <... mkdir resumed>) = 0 [pid 6028] munmap(0x7f3634699000, 1048576 [pid 6024] ioctl(7, LOOP_CLR_FD [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6024] <... ioctl resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 6028] <... munmap resumed>) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5014] <... ioctl resumed>) = 0 [pid 6028] <... openat resumed>) = 4 [pid 6024] ioctl(7, LOOP_SET_FD, 6 [pid 5014] close(3 [pid 6028] ioctl(4, LOOP_SET_FD, 3 [pid 6024] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6024] close(7 [pid 5014] <... close resumed>) = 0 [pid 6024] <... close resumed>) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6028] <... ioctl resumed>) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6029 [pid 6028] close(3 [pid 6024] close(6 [pid 6028] <... close resumed>) = 0 [pid 6028] mkdir("\x2e\x02", 0777) = 0 [pid 6027] <... mount resumed>) = 0 [pid 6028] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6027] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("\x2e\x02") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x555557506760, 24 [pid 6027] <... open resumed>) = 4 [pid 6029] <... set_robust_list resumed>) = 0 [pid 6027] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6025] <... write resumed>) = 2097152 [ 186.258416][ T6027] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.287905][ T6028] loop4: detected capacity change from 0 to 2048 [pid 6029] chdir("./161" [pid 6027] <... mount resumed>) = 0 [pid 6026] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6029] <... chdir resumed>) = 0 [pid 6027] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6025] munmap(0x7f362c399000, 2097152 [pid 6027] <... open resumed>) = 5 [pid 6029] <... prctl resumed>) = 0 [pid 6027] openat(AT_FDCWD, NULL, O_RDWR [pid 6029] setpgid(0, 0 [pid 6027] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6029] <... setpgid resumed>) = 0 [pid 6027] ftruncate(-1, 2 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6027] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6025] <... munmap resumed>) = 0 [pid 6029] <... openat resumed>) = 3 [pid 6027] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6029] write(3, "1000", 4 [pid 6025] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6029] <... write resumed>) = 4 [pid 6027] <... mmap resumed>) = 0x20000000 [pid 6025] <... openat resumed>) = 7 [pid 6024] <... close resumed>) = 0 [ 186.320669][ T6028] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 186.345936][ T6028] UDF-fs: Scanning with blocksize 512 failed [pid 6029] close(3 [pid 6027] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6025] ioctl(7, LOOP_SET_FD, 6 [pid 6024] exit_group(0 [pid 6029] <... close resumed>) = 0 [pid 6027] <... open resumed>) = -1 EFAULT (Bad address) [pid 6025] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6024] <... exit_group resumed>) = ? [pid 6029] symlink("/dev/binderfs", "./binderfs" [pid 6027] memfd_create("syzkaller", 0 [pid 6025] ioctl(7, LOOP_CLR_FD [pid 6024] +++ exited with 0 +++ [pid 6029] <... symlink resumed>) = 0 [pid 6027] <... memfd_create resumed>) = 6 [pid 6025] <... ioctl resumed>) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 6029] memfd_create("syzkaller", 0 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] restart_syscall(<... resuming interrupted clone ...> [pid 6029] <... memfd_create resumed>) = 3 [pid 6027] <... mmap resumed>) = 0x7f362c399000 [pid 5015] <... restart_syscall resumed>) = 0 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5015] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6025] ioctl(7, LOOP_SET_FD, 6 [pid 6029] <... mmap resumed>) = 0x7f3634699000 [pid 5015] newfstatat(3, "", [pid 6025] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, [pid 6025] close(7 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6025] <... close resumed>) = 0 [pid 5015] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6025] close(6 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./165/binderfs") = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] <... write resumed>) = 2097152 [ 186.347718][ T27] audit: type=1800 audit(1692541389.968:995): pid=6027 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 6026] munmap(0x7f362c399000, 2097152 [pid 5015] <... umount2 resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6029] <... write resumed>) = 1048576 [pid 6025] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 6025] exit_group(0 [pid 5015] newfstatat(4, "", [pid 6026] <... munmap resumed>) = 0 [pid 6025] <... exit_group resumed>) = ? [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5015] getdents64(4, [pid 6029] munmap(0x7f3634699000, 1048576 [pid 6026] <... openat resumed>) = 7 [pid 6025] +++ exited with 0 +++ [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6029] <... munmap resumed>) = 0 [pid 6026] ioctl(7, LOOP_SET_FD, 6 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5015] getdents64(4, [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6026] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6029] <... openat resumed>) = 4 [pid 6026] ioctl(7, LOOP_CLR_FD [pid 5015] close(4 [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6026] <... ioctl resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 6029] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02" [pid 6029] ioctl(4, LOOP_CLR_FD [pid 5015] <... rmdir resumed>) = 0 [pid 6029] <... ioctl resumed>) = 0 [pid 6027] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6026] ioctl(7, LOOP_SET_FD, 6 [pid 5017] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] getdents64(3, [pid 6026] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6026] close(7 [pid 5017] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] close(3 [pid 6026] <... close resumed>) = 0 [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6026] close(6 [pid 5017] <... openat resumed>) = 3 [pid 5015] <... close resumed>) = 0 [pid 6029] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5017] newfstatat(3, "", [pid 5015] rmdir("./165" [pid 6029] close(4 [pid 6026] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6026] exit_group(0) = ? [pid 5015] <... rmdir resumed>) = 0 [pid 6029] <... close resumed>) = 0 [pid 5017] getdents64(3, [pid 5015] mkdir("./166", 0777 [pid 6029] close(3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... mkdir resumed>) = 0 [pid 6026] +++ exited with 0 +++ [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5019] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6029] <... close resumed>) = 0 [pid 5019] umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6029] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6029] <... open resumed>) = 3 [pid 6028] <... mount resumed>) = 0 [pid 6027] <... write resumed>) = 2097152 [pid 5019] openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 6029] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6028] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6027] munmap(0x7f362c399000, 2097152 [pid 5019] <... openat resumed>) = 3 [pid 5017] newfstatat(AT_FDCWD, "./164/binderfs", [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6029] <... mount resumed>) = 0 [pid 6028] <... openat resumed>) = 3 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6029] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6028] chdir("\x2e\x02" [pid 6027] <... munmap resumed>) = 0 [pid 5019] umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6029] <... open resumed>) = 4 [pid 6028] <... chdir resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./169/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6029] openat(AT_FDCWD, NULL, O_RDWR [pid 6028] ioctl(4, LOOP_CLR_FD [pid 6027] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5017] unlink("./164/binderfs" [pid 5015] close(3 [pid 6029] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6028] <... ioctl resumed>) = 0 [pid 6027] <... openat resumed>) = 7 [pid 5019] <... umount2 resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 6029] ftruncate(-1, 2 [pid 6028] close(4 [pid 6027] ioctl(7, LOOP_SET_FD, 6 [pid 5017] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6029] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6028] <... close resumed>) = 0 [pid 6027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [ 186.472881][ T6028] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.492511][ T27] audit: type=1800 audit(1692541390.148:996): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1939 res=0 errno=0 [pid 6029] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 6028] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6027] ioctl(7, LOOP_CLR_FD [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", [pid 5017] <... umount2 resumed>) = 0 [pid 6029] <... mmap resumed>) = 0x20000000 [pid 6028] <... open resumed>) = 4 [pid 6027] <... ioctl resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6030 [pid 6029] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6028] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] <... open resumed>) = -1 EFAULT (Bad address) [pid 6028] <... mount resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", [pid 6029] memfd_create("syzkaller", 0 [pid 6028] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6027] ioctl(7, LOOP_SET_FD, 6 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6030 attached [pid 6029] <... memfd_create resumed>) = 5 [pid 6028] <... open resumed>) = 5 [pid 6027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... openat resumed>) = 4 [pid 5017] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6030] set_robust_list(0x555557506760, 24 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6028] openat(AT_FDCWD, NULL, O_RDWR [pid 6027] close(7 [pid 5019] newfstatat(4, "", [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6030] <... set_robust_list resumed>) = 0 [pid 6029] <... mmap resumed>) = 0x7f362c399000 [pid 6028] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6027] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6028] ftruncate(-1, 2 [pid 5019] getdents64(4, [pid 6028] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6028] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] getdents64(4, [pid 6028] <... mmap resumed>) = 0x20000000 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6028] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] close(4 [pid 6030] chdir("./166" [pid 6028] <... open resumed>) = -1 EFAULT (Bad address) [pid 6027] close(6 [pid 5019] <... close resumed>) = 0 [pid 5017] <... openat resumed>) = 4 [pid 6030] <... chdir resumed>) = 0 [pid 6028] memfd_create("syzkaller", 0 [pid 5019] rmdir("\x2e\x2f\x31\x36\x39\x2f\x2e\x02" [pid 6028] <... memfd_create resumed>) = 6 [pid 5019] <... rmdir resumed>) = 0 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] getdents64(3, [pid 6028] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5019] close(3 [pid 5017] newfstatat(4, "", [pid 6030] <... prctl resumed>) = 0 [pid 6027] <... close resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6030] setpgid(0, 0 [pid 5019] rmdir("./169" [pid 5017] getdents64(4, [pid 6030] <... setpgid resumed>) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] mkdir("./170", 0777 [pid 5017] getdents64(4, [pid 6030] <... openat resumed>) = 3 [pid 6027] exit_group(0 [pid 5019] <... mkdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6030] write(3, "1000", 4 [pid 6027] <... exit_group resumed>) = ? [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5017] close(4 [pid 6030] <... write resumed>) = 4 [pid 5019] <... openat resumed>) = 3 [pid 5017] <... close resumed>) = 0 [pid 6030] close(3 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5017] rmdir("\x2e\x2f\x31\x36\x34\x2f\x2e\x02" [pid 6030] <... close resumed>) = 0 [pid 6027] +++ exited with 0 +++ [pid 6029] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... rmdir resumed>) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs" [pid 5019] close(3 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=11 /* 0.11 s */} --- [pid 5019] <... close resumed>) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... restart_syscall resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6031 [pid 5017] getdents64(3, [pid 5016] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6030] <... symlink resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6030] memfd_create("syzkaller", 0 [pid 5017] close(3 [pid 5016] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6030] <... memfd_create resumed>) = 3 [pid 5017] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] rmdir("./164" [pid 5016] newfstatat(3, "", [pid 6030] <... mmap resumed>) = 0x7f3634699000 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./163/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5017] mkdir("./165", 0777) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6028] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] <... umount2 resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5017] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5017] close(3./strace-static-x86_64: Process 6031 attached [ 186.618151][ T27] audit: type=1800 audit(1692541390.218:997): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 6029] <... write resumed>) = 2097152 [pid 5017] <... close resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6031] set_robust_list(0x555557506760, 24 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6031] <... set_robust_list resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6032 [pid 6031] chdir("./170" [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", [pid 6031] <... chdir resumed>) = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6031] <... prctl resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6031] setpgid(0, 0) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", [pid 6031] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6031] write(3, "1000", 4 [pid 5016] getdents64(4, [pid 6031] <... write resumed>) = 4 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6031] close(3 [pid 5016] getdents64(4, [pid 6031] <... close resumed>) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4 [pid 6031] <... symlink resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 6031] memfd_create("syzkaller", 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x33\x2f\x2e\x02" [pid 6031] <... memfd_create resumed>) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... rmdir resumed>) = 0 [pid 6031] <... mmap resumed>) = 0x7f3634699000 [pid 5016] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3) = 0 [pid 5016] rmdir("./163" [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6028] <... write resumed>) = 2097152 [pid 5016] <... rmdir resumed>) = 0 [pid 5016] mkdir("./164", 0777./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x555557506760, 24 [pid 5016] <... mkdir resumed>) = 0 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6030] <... write resumed>) = 1048576 [pid 6029] munmap(0x7f362c399000, 2097152 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6032] chdir("./165" [pid 6030] munmap(0x7f3634699000, 1048576 [pid 6032] <... chdir resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6030] <... munmap resumed>) = 0 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6032] <... prctl resumed>) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6032] setpgid(0, 0 [pid 6030] <... openat resumed>) = 4 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6032] <... setpgid resumed>) = 0 [pid 6030] ioctl(4, LOOP_SET_FD, 3 [pid 6029] <... munmap resumed>) = 0 [pid 5016] close(3 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6028] munmap(0x7f362c399000, 2097152 [pid 6032] <... openat resumed>) = 3 [pid 6028] <... munmap resumed>) = 0 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs" [pid 5016] <... close resumed>) = 0 [pid 6032] <... symlink resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6029] <... openat resumed>) = 6 [pid 6029] ioctl(6, LOOP_SET_FD, 5 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6033 ./strace-static-x86_64: Process 6033 attached [pid 6029] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6033] set_robust_list(0x555557506760, 24 [pid 6029] ioctl(6, LOOP_CLR_FD [pid 6028] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6033] <... set_robust_list resumed>) = 0 [pid 6029] <... ioctl resumed>) = 0 [pid 6028] <... openat resumed>) = 7 [pid 6033] chdir("./164" [pid 6030] <... ioctl resumed>) = 0 [pid 6028] ioctl(7, LOOP_SET_FD, 6 [pid 6033] <... chdir resumed>) = 0 [pid 6030] close(3 [pid 6028] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6030] <... close resumed>) = 0 [pid 6028] ioctl(7, LOOP_CLR_FD [pid 6031] <... write resumed>) = 1048576 [pid 6033] <... prctl resumed>) = 0 [pid 6031] munmap(0x7f3634699000, 1048576 [pid 6030] mkdir("\x2e\x02", 0777 [pid 6029] ioctl(6, LOOP_SET_FD, 5 [pid 6028] <... ioctl resumed>) = 0 [pid 6033] setpgid(0, 0 [pid 6031] <... munmap resumed>) = 0 [pid 6033] <... setpgid resumed>) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6030] <... mkdir resumed>) = 0 [pid 6029] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6028] ioctl(7, LOOP_SET_FD, 6 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6031] <... openat resumed>) = 4 [pid 6030] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6029] close(6 [pid 6028] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6028] close(7 [pid 6033] <... openat resumed>) = 3 [pid 6031] ioctl(4, LOOP_SET_FD, 3 [pid 6028] <... close resumed>) = 0 [ 186.719070][ T6030] loop1: detected capacity change from 0 to 2048 [pid 6033] write(3, "1000", 4 [pid 6029] <... close resumed>) = 0 [pid 6028] close(6 [pid 6033] <... write resumed>) = 4 [pid 6032] <... write resumed>) = 1048576 [pid 6029] close(5 [pid 6033] close(3 [pid 6028] <... close resumed>) = 0 [pid 6028] exit_group(0 [pid 6033] <... close resumed>) = 0 [pid 6028] <... exit_group resumed>) = ? [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] <... ioctl resumed>) = 0 [pid 6033] memfd_create("syzkaller", 0 [pid 6031] close(3 [pid 6033] <... memfd_create resumed>) = 3 [pid 6031] <... close resumed>) = 0 [pid 6029] <... close resumed>) = 0 [pid 6028] +++ exited with 0 +++ [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6031] mkdir("\x2e\x02", 0777 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6032] munmap(0x7f3634699000, 1048576 [pid 6029] exit_group(0 [pid 6032] <... munmap resumed>) = 0 [pid 5018] umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 186.770734][ T6031] loop5: detected capacity change from 0 to 2048 [ 186.789982][ T6030] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [pid 5018] openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6032] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5018] <... openat resumed>) = 3 [pid 6033] <... mmap resumed>) = 0x7f3634699000 [pid 6032] <... openat resumed>) = 4 [pid 5018] newfstatat(3, "", [pid 6033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6032] ioctl(4, LOOP_SET_FD, 3 [pid 6031] <... mkdir resumed>) = 0 [pid 6029] <... exit_group resumed>) = ? [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6031] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./168/binderfs") = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6032] <... ioctl resumed>) = 0 [pid 6032] close(3) = 0 [pid 6032] mkdir("\x2e\x02", 0777) = 0 [pid 6032] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6033] <... write resumed>) = 1048576 [pid 6033] munmap(0x7f3634699000, 1048576) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 186.816767][ T6030] UDF-fs: Scanning with blocksize 512 failed [ 186.832019][ T6032] loop3: detected capacity change from 0 to 2048 [ 186.843536][ T6031] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 186.863482][ T6031] UDF-fs: Scanning with blocksize 512 failed [pid 6033] ioctl(4, LOOP_SET_FD, 3 [pid 6029] +++ exited with 0 +++ [pid 5018] <... umount2 resumed>) = 0 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- [pid 5018] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6033] <... ioctl resumed>) = 0 [pid 6033] close(3) = 0 [pid 6033] mkdir("\x2e\x02", 0777) = 0 [pid 6033] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", [pid 5014] <... umount2 resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] umount2("./161/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 186.881694][ T6033] loop2: detected capacity change from 0 to 2048 [ 186.884234][ T6032] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 186.897165][ T6031] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 186.907281][ T6030] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5018] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6031] <... mount resumed>) = 0 [pid 6030] <... mount resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./161/bus") = 0 [pid 5014] umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./161/binderfs") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./161") = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6031] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6030] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5014] mkdir("./162", 0777 [pid 6031] <... openat resumed>) = 3 [pid 6030] <... openat resumed>) = 3 [pid 5018] <... openat resumed>) = 4 [pid 5014] <... mkdir resumed>) = 0 [pid 6031] chdir("\x2e\x02" [pid 6030] chdir("\x2e\x02" [pid 5018] newfstatat(4, "", [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5014] close(3) = 0 [pid 6031] <... chdir resumed>) = 0 [pid 6030] <... chdir resumed>) = 0 [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6031] ioctl(4, LOOP_CLR_FD [pid 6030] ioctl(4, LOOP_CLR_FD [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6034 [pid 6031] <... ioctl resumed>) = 0 [pid 6030] <... ioctl resumed>) = 0 [pid 5018] getdents64(4, [pid 6031] close(4 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6031] <... close resumed>) = 0 [pid 6030] close(4./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x555557506760, 24) = 0 [pid 6034] chdir("./162") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 186.951426][ T6032] UDF-fs: Scanning with blocksize 512 failed [ 186.960380][ T6033] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 186.990007][ T6032] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6034] write(3, "1000", 4 [pid 6031] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6030] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 6034] <... write resumed>) = 4 [pid 6034] close(3 [pid 6030] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6034] <... close resumed>) = 0 [pid 6031] <... open resumed>) = 4 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5018] close(4) = 0 [pid 6030] <... open resumed>) = 4 [ 187.000929][ T6033] UDF-fs: Scanning with blocksize 512 failed [ 187.010007][ T27] audit: type=1800 audit(1692541390.668:998): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop5" ino=851 res=0 errno=0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x38\x2f\x2e\x02" [pid 6032] <... mount resumed>) = 0 [pid 6031] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6030] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... rmdir resumed>) = 0 [pid 6032] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6031] <... mount resumed>) = 0 [pid 6030] <... mount resumed>) = 0 [pid 6034] <... write resumed>) = 1048576 [pid 6032] <... openat resumed>) = 3 [pid 6031] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6030] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] getdents64(3, [pid 6034] munmap(0x7f3634699000, 1048576 [pid 6032] chdir("\x2e\x02" [pid 6031] <... open resumed>) = 5 [pid 6030] <... open resumed>) = 5 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6034] <... munmap resumed>) = 0 [pid 6032] <... chdir resumed>) = 0 [pid 6031] openat(AT_FDCWD, NULL, O_RDWR [pid 6030] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] close(3 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6032] ioctl(4, LOOP_CLR_FD [pid 6031] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6030] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... close resumed>) = 0 [pid 6034] <... openat resumed>) = 4 [pid 6032] <... ioctl resumed>) = 0 [pid 6031] ftruncate(-1, 2 [pid 6030] ftruncate(-1, 2 [pid 5018] rmdir("./168" [pid 6034] ioctl(4, LOOP_SET_FD, 3 [pid 6032] close(4 [pid 6031] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6030] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] <... rmdir resumed>) = 0 [pid 6032] <... close resumed>) = 0 [pid 6031] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6030] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [ 187.042381][ T27] audit: type=1800 audit(1692541390.698:999): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop1" ino=851 res=0 errno=0 [ 187.066688][ T6033] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.091368][ T6034] loop0: detected capacity change from 0 to 2048 [pid 5018] mkdir("./169", 0777 [pid 6034] <... ioctl resumed>) = 0 [pid 6032] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6031] <... mmap resumed>) = 0x20000000 [pid 6030] <... mmap resumed>) = 0x20000000 [pid 5018] <... mkdir resumed>) = 0 [pid 6033] <... mount resumed>) = 0 [pid 6032] <... open resumed>) = 4 [pid 6033] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("\x2e\x02") = 0 [pid 6033] ioctl(4, LOOP_CLR_FD) = 0 [pid 6033] close(4) = 0 [pid 6033] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6033] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6032] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6031] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6030] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6034] close(3 [pid 6033] <... mount resumed>) = 0 [pid 6032] <... mount resumed>) = 0 [pid 6031] <... open resumed>) = -1 EFAULT (Bad address) [pid 6030] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] <... openat resumed>) = 3 [pid 6034] <... close resumed>) = 0 [ 187.105287][ T27] audit: type=1800 audit(1692541390.768:1000): pid=6032 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop3" ino=851 res=0 errno=0 [pid 6033] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6032] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6031] memfd_create("syzkaller", 0 [pid 5018] ioctl(3, LOOP_CLR_FD [pid 6034] mkdir("\x2e\x02", 0777 [pid 6031] <... memfd_create resumed>) = 6 [pid 6030] memfd_create("syzkaller", 0 [pid 6034] <... mkdir resumed>) = 0 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6030] <... memfd_create resumed>) = 6 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6031] <... mmap resumed>) = 0x7f362c399000 [pid 6034] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] close(3 [pid 6030] <... mmap resumed>) = 0x7f362c399000 [pid 5018] <... close resumed>) = 0 [ 187.137103][ T27] audit: type=1800 audit(1692541390.798:1001): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6032] <... open resumed>) = 5 [pid 6032] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6035 [pid 6032] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6032] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6032] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6033] <... open resumed>) = 5 [pid 6032] <... open resumed>) = -1 EFAULT (Bad address) [pid 6033] openat(AT_FDCWD, NULL, O_RDWR./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x555557506760, 24) = 0 [pid 6035] chdir("./169") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6033] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6032] memfd_create("syzkaller", 0 [pid 6035] <... openat resumed>) = 3 [pid 6033] ftruncate(-1, 2 [pid 6032] <... memfd_create resumed>) = 6 [pid 6035] write(3, "1000", 4 [pid 6033] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6031] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6035] <... write resumed>) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6035] memfd_create("syzkaller", 0 [pid 6033] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6035] <... memfd_create resumed>) = 3 [pid 6032] <... mmap resumed>) = 0x7f362c399000 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6033] <... mmap resumed>) = 0x20000000 [pid 6033] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6033] memfd_create("syzkaller", 0) = 6 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [ 187.188169][ T6034] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 187.219726][ T6034] UDF-fs: Scanning with blocksize 512 failed [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6030] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6035] <... write resumed>) = 1048576 [pid 6032] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6035] munmap(0x7f3634699000, 1048576) = 0 [pid 6031] <... write resumed>) = 2097152 [pid 6035] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3 [pid 6033] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6031] munmap(0x7f362c399000, 2097152) = 0 [pid 6035] <... ioctl resumed>) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6035] close(3 [pid 6031] <... openat resumed>) = 7 [pid 6035] <... close resumed>) = 0 [pid 6031] ioctl(7, LOOP_SET_FD, 6 [pid 6035] mkdir("\x2e\x02", 0777 [pid 6031] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6035] <... mkdir resumed>) = 0 [pid 6031] ioctl(7, LOOP_CLR_FD [pid 6030] <... write resumed>) = 2097152 [pid 6035] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6031] <... ioctl resumed>) = 0 [pid 6031] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6031] close(7) = 0 [pid 6031] close(6 [ 187.301780][ T6035] loop4: detected capacity change from 0 to 2048 [pid 6030] munmap(0x7f362c399000, 2097152 [pid 6032] <... write resumed>) = 2097152 [pid 6030] <... munmap resumed>) = 0 [pid 6032] munmap(0x7f362c399000, 2097152 [pid 6030] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 6030] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6030] ioctl(7, LOOP_CLR_FD [pid 6032] <... munmap resumed>) = 0 [pid 6030] <... ioctl resumed>) = 0 [pid 6031] <... close resumed>) = 0 [pid 6031] exit_group(0) = ? [pid 6030] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6030] close(7) = 0 [pid 6030] close(6 [pid 6031] +++ exited with 0 +++ [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [ 187.345719][ T6035] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 187.378172][ T6034] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 6033] <... write resumed>) = 2097152 [pid 6032] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6033] munmap(0x7f362c399000, 2097152 [pid 6032] <... openat resumed>) = 7 [pid 6030] <... close resumed>) = 0 [pid 6032] ioctl(7, LOOP_SET_FD, 6 [pid 5019] umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6032] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6032] ioctl(7, LOOP_CLR_FD [pid 5019] openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6032] <... ioctl resumed>) = 0 [pid 5019] <... openat resumed>) = 3 [pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(3, [pid 6032] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6032] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6032] close(7 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6032] <... close resumed>) = 0 [pid 6030] exit_group(0 [pid 5019] newfstatat(AT_FDCWD, "./170/binderfs", [pid 6032] close(6 [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6030] <... exit_group resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5015] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5015] umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5015] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] unlink("./170/binderfs" [pid 5015] umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... unlink resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(AT_FDCWD, "./166/binderfs", [pid 5019] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] unlink("./166/binderfs") = 0 [ 187.390910][ T6035] UDF-fs: Scanning with blocksize 512 failed [pid 5015] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6033] <... munmap resumed>) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 7 [pid 6033] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6033] ioctl(7, LOOP_CLR_FD) = 0 [pid 6035] <... mount resumed>) = 0 [pid 6035] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] ioctl(7, LOOP_SET_FD, 6 [pid 6035] chdir("\x2e\x02" [pid 6033] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6033] close(7) = 0 [pid 6035] <... chdir resumed>) = 0 [pid 6033] close(6 [pid 6035] ioctl(4, LOOP_CLR_FD) = 0 [pid 6035] close(4) = 0 [pid 6035] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6035] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6035] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6035] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6035] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6035] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6035] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 5019] <... umount2 resumed>) = 0 [pid 6035] memfd_create("syzkaller", 0 [pid 6033] <... close resumed>) = 0 [pid 6032] <... close resumed>) = 0 [pid 5019] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6033] exit_group(0 [pid 6032] exit_group(0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = 0 [pid 6035] <... memfd_create resumed>) = 6 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6032] <... exit_group resumed>) = ? [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", [pid 6033] <... exit_group resumed>) = ? [ 187.428803][ T6035] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.429889][ T6034] UDF-fs: Scanning with blocksize 1024 failed [ 187.453962][ T27] audit: type=1800 audit(1692541391.108:1002): pid=6035 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop4" ino=851 res=0 errno=0 [pid 6033] +++ exited with 0 +++ [pid 6032] +++ exited with 0 +++ [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=6 /* 0.06 s */} --- [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", [pid 5017] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... openat resumed>) = 3 [pid 5016] <... openat resumed>) = 3 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] newfstatat(3, "", [pid 5016] newfstatat(3, "", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... openat resumed>) = 4 [pid 5017] getdents64(3, [pid 5016] getdents64(3, [pid 5015] <... openat resumed>) = 4 [pid 5019] newfstatat(4, "", [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] newfstatat(4, "", [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] getdents64(4, [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(4, [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] newfstatat(AT_FDCWD, "./165/binderfs", [pid 5016] newfstatat(AT_FDCWD, "./164/binderfs", [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] getdents64(4, [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] getdents64(4, [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] unlink("./165/binderfs" [pid 5016] unlink("./164/binderfs" [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4 [pid 5017] <... unlink resumed>) = 0 [pid 5016] <... unlink resumed>) = 0 [pid 5015] close(4 [pid 5019] <... close resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... close resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x37\x30\x2f\x2e\x02" [pid 5015] rmdir("\x2e\x2f\x31\x36\x36\x2f\x2e\x02") = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3) = 0 [pid 5015] rmdir("./166" [pid 5019] getdents64(3, [pid 5015] <... rmdir resumed>) = 0 [pid 5015] mkdir("./167", 0777) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5015] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5015] close(3) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 6036 [pid 5016] <... umount2 resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x555557506760, 24) = 0 [pid 6036] chdir("./167") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0 [pid 5019] close(3 [pid 6036] <... setpgid resumed>) = 0 [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./170" [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./171", 0777 [pid 6036] <... openat resumed>) = 3 [pid 5019] <... mkdir resumed>) = 0 [pid 6036] write(3, "1000", 4 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6036] <... write resumed>) = 4 [pid 5019] <... openat resumed>) = 3 [pid 6036] close(3 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 6036] <... close resumed>) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... umount2 resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] memfd_create("syzkaller", 0 [pid 5019] close(3 [pid 6036] <... memfd_create resumed>) = 3 [pid 5017] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5019] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6037 [pid 6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5017] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... openat resumed>) = 4 [pid 5017] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", [pid 5017] newfstatat(4, "", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x555557506760, 24) = 0 [pid 6037] chdir("./171" [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 5017] getdents64(4, [pid 6037] <... chdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6036] <... write resumed>) = 1048576 [pid 5017] getdents64(4, [pid 5016] getdents64(4, [pid 6037] <... prctl resumed>) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6037] <... openat resumed>) = 3 [pid 6035] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] close(4 [pid 5016] close(4 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5017] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02" [pid 5016] rmdir("\x2e\x2f\x31\x36\x34\x2f\x2e\x02" [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] <... rmdir resumed>) = 0 [ 187.550205][ T6034] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 187.578182][ T6034] UDF-fs: Scanning with blocksize 2048 failed [pid 6037] <... mmap resumed>) = 0x7f3634699000 [pid 5017] getdents64(3, [pid 5016] <... rmdir resumed>) = 0 [pid 5016] getdents64(3, [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] close(3) = 0 [pid 5016] close(3 [pid 5017] rmdir("./165" [pid 5016] <... close resumed>) = 0 [pid 5016] rmdir("./164" [pid 6036] munmap(0x7f3634699000, 1048576 [pid 5017] <... rmdir resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5017] mkdir("./166", 0777 [pid 5016] mkdir("./165", 0777 [pid 5017] <... mkdir resumed>) = 0 [pid 6036] <... munmap resumed>) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] <... mkdir resumed>) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5017] <... openat resumed>) = 3 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6036] <... openat resumed>) = 4 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6036] ioctl(4, LOOP_SET_FD, 3 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5016] <... openat resumed>) = 3 [pid 6036] <... ioctl resumed>) = 0 [pid 6035] <... write resumed>) = 2097152 [pid 6034] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6035] munmap(0x7f362c399000, 2097152 [pid 6034] ioctl(4, LOOP_CLR_FD [pid 5017] close(3 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6037] <... write resumed>) = 1048576 [pid 6035] <... munmap resumed>) = 0 [pid 6034] <... ioctl resumed>) = 0 [pid 5017] <... close resumed>) = 0 [pid 5016] close(3 [pid 6034] close(4 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... close resumed>) = 0 [pid 6036] close(3) = 0 [pid 6034] <... close resumed>) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6037] munmap(0x7f3634699000, 1048576./strace-static-x86_64: Process 6038 attached [pid 6036] mkdir("\x2e\x02", 0777 [pid 6034] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6038 [pid 6036] <... mkdir resumed>) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6034] <... open resumed>) = 3 [ 187.599450][ T6034] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 187.617746][ T6036] loop1: detected capacity change from 0 to 2048 [ 187.624838][ T6034] UDF-fs: Scanning with blocksize 4096 failed [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6039 [pid 6035] <... openat resumed>) = 7 [pid 6034] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6035] ioctl(7, LOOP_SET_FD, 6 [pid 6034] <... mount resumed>) = 0 [pid 6035] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6034] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6035] ioctl(7, LOOP_CLR_FD [pid 6034] <... open resumed>) = 4 [pid 6035] <... ioctl resumed>) = 0 [pid 6034] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6034] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 6039 attached [pid 6034] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 6039] set_robust_list(0x555557506760, 24 [pid 6035] ioctl(7, LOOP_SET_FD, 6 [pid 6034] <... mmap resumed>) = 0x20000000 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6035] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6034] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6039] chdir("./165" [pid 6035] close(7 [pid 6034] <... open resumed>) = -1 EFAULT (Bad address) [pid 6039] <... chdir resumed>) = 0 [pid 6035] <... close resumed>) = 0 [pid 6034] memfd_create("syzkaller", 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6036] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6035] close(6 [pid 6034] <... memfd_create resumed>) = 5 [pid 6039] <... prctl resumed>) = 0 [pid 6037] <... munmap resumed>) = 0 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6039] setpgid(0, 0 [pid 6034] <... mmap resumed>) = 0x7f362c399000 [pid 6039] <... setpgid resumed>) = 0 [pid 6038] set_robust_list(0x555557506760, 24 [pid 6037] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6035] <... close resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] <... openat resumed>) = 4 [pid 6039] <... openat resumed>) = 3 [pid 6038] chdir("./166" [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 6039] write(3, "1000", 4 [pid 6038] <... chdir resumed>) = 0 [pid 6039] <... write resumed>) = 4 [pid 6039] close(3) = 0 [ 187.658290][ T27] audit: type=1800 audit(1692541391.318:1003): pid=6034 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="sda1" ino=1944 res=0 errno=0 [ 187.684782][ T6036] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 187.693904][ T6036] UDF-fs: Scanning with blocksize 512 failed [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6037] <... ioctl resumed>) = 0 [pid 6039] <... mmap resumed>) = 0x7f3634699000 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6037] close(3 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6038] <... prctl resumed>) = 0 [pid 6037] <... close resumed>) = 0 [pid 6035] exit_group(0 [pid 6038] setpgid(0, 0 [pid 6037] mkdir("\x2e\x02", 0777 [pid 6035] <... exit_group resumed>) = ? [pid 6035] +++ exited with 0 +++ [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 6038] <... setpgid resumed>) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] <... mkdir resumed>) = 0 [pid 5018] umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] write(3, "1000", 4 [pid 6037] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] <... write resumed>) = 4 [pid 6034] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5018] openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5018] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] close(3 [pid 5018] getdents64(3, [pid 6038] <... close resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6039] <... write resumed>) = 1048576 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 5018] umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./169/binderfs") = 0 [pid 5018] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] munmap(0x7f3634699000, 1048576 [pid 6038] <... symlink resumed>) = 0 [pid 6038] memfd_create("syzkaller", 0 [pid 6036] <... mount resumed>) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 6038] <... memfd_create resumed>) = 3 [pid 6036] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6036] <... openat resumed>) = 3 [pid 6038] <... mmap resumed>) = 0x7f3634699000 [pid 6036] chdir("\x2e\x02" [pid 5018] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6039] <... munmap resumed>) = 0 [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", [pid 6039] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6036] <... chdir resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6039] <... openat resumed>) = 4 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6036] ioctl(4, LOOP_CLR_FD [pid 5018] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] ioctl(4, LOOP_SET_FD, 3 [pid 6036] <... ioctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6036] close(4 [ 187.705195][ T6037] loop5: detected capacity change from 0 to 2048 [ 187.721456][ T6036] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.738025][ T6037] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 187.752790][ T6037] UDF-fs: Scanning with blocksize 512 failed [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] close(4) = 0 [pid 5018] rmdir("\x2e\x2f\x31\x36\x39\x2f\x2e\x02") = 0 [pid 5018] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6036] <... close resumed>) = 0 [pid 5018] close(3 [pid 6036] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] <... close resumed>) = 0 [pid 5018] rmdir("./169" [pid 6036] <... open resumed>) = 4 [pid 5018] <... rmdir resumed>) = 0 [pid 6036] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] mkdir("./170", 0777 [pid 6036] <... mount resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 6036] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6036] <... open resumed>) = 5 [pid 5018] <... openat resumed>) = 3 [pid 6036] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] ioctl(3, LOOP_CLR_FD [pid 6038] <... write resumed>) = 1048576 [pid 6036] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6039] <... ioctl resumed>) = 0 [pid 6036] ftruncate(-1, 2 [pid 5018] close(3 [pid 6039] close(3 [pid 6038] munmap(0x7f3634699000, 1048576 [pid 6036] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6034] <... write resumed>) = 2097152 [pid 5018] <... close resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6038] <... munmap resumed>) = 0 [pid 6036] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6039] mkdir("\x2e\x02", 0777 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6037] <... mount resumed>) = 0 [pid 6036] <... mmap resumed>) = 0x20000000 [pid 6039] <... mkdir resumed>) = 0 [pid 6038] <... openat resumed>) = 4 [pid 6037] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6036] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6040 [pid 6039] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6038] ioctl(4, LOOP_SET_FD, 3 [pid 6037] <... openat resumed>) = 3 [pid 6036] <... open resumed>) = -1 EFAULT (Bad address) [ 187.787337][ T6037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.806003][ T6039] loop2: detected capacity change from 0 to 2048 ./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x555557506760, 24) = 0 [pid 6040] chdir("./170") = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] chdir("\x2e\x02" [pid 6036] memfd_create("syzkaller", 0 [pid 6038] <... ioctl resumed>) = 0 [pid 6040] write(3, "1000", 4 [pid 6037] <... chdir resumed>) = 0 [pid 6038] close(3 [pid 6036] <... memfd_create resumed>) = 6 [pid 6040] <... write resumed>) = 4 [pid 6038] <... close resumed>) = 0 [pid 6037] ioctl(4, LOOP_CLR_FD [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] close(3 [pid 6038] mkdir("\x2e\x02", 0777 [pid 6037] <... ioctl resumed>) = 0 [pid 6036] <... mmap resumed>) = 0x7f362c399000 [pid 6040] <... close resumed>) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6038] <... mkdir resumed>) = 0 [pid 6037] close(4 [pid 6034] munmap(0x7f362c399000, 2097152 [ 187.831775][ T6038] loop3: detected capacity change from 0 to 2048 [ 187.842674][ T6039] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6038] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6037] <... close resumed>) = 0 [pid 6034] <... munmap resumed>) = 0 [pid 6037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6037] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6034] <... openat resumed>) = 6 [pid 6037] <... mount resumed>) = 0 [pid 6034] ioctl(6, LOOP_SET_FD, 5 [pid 6037] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6034] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6037] <... open resumed>) = 5 [pid 6037] openat(AT_FDCWD, NULL, O_RDWR [pid 6034] ioctl(6, LOOP_CLR_FD [pid 6037] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6034] <... ioctl resumed>) = 0 [pid 6037] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6034] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6034] close(6) = 0 [pid 6034] close(5 [pid 6037] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6037] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6037] memfd_create("syzkaller", 0) = 6 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] <... write resumed>) = 1048576 [pid 6037] <... mmap resumed>) = 0x7f362c399000 [pid 6040] munmap(0x7f3634699000, 1048576) = 0 [ 187.875608][ T6039] UDF-fs: Scanning with blocksize 512 failed [ 187.908773][ T6038] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [pid 6040] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 6036] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6034] <... close resumed>) = 0 [pid 6034] exit_group(0) = ? [pid 6034] +++ exited with 0 +++ [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5014] umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 5 entries */, 32768) = 128 [ 187.963010][ T6038] UDF-fs: Scanning with blocksize 512 failed [ 187.963507][ T6040] loop4: detected capacity change from 0 to 2048 [ 187.989117][ T6039] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5014] umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] <... mount resumed>) = 0 [pid 6039] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("\x2e\x02") = 0 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] close(4) = 0 [pid 6039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5014] <... umount2 resumed>) = 0 [pid 6037] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5014] umount2("./162/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6040] <... ioctl resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] close(3) = 0 [pid 6039] <... open resumed>) = 4 [pid 5014] newfstatat(AT_FDCWD, "./162/bus", [pid 6040] mkdir("\x2e\x02", 0777 [pid 6039] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6040] <... mkdir resumed>) = 0 [pid 6039] <... mount resumed>) = 0 [pid 6036] <... write resumed>) = 2097152 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6040] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6039] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6036] munmap(0x7f362c399000, 2097152 [pid 5014] unlink("./162/bus" [pid 6039] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5014] <... unlink resumed>) = 0 [pid 6039] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5014] umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 188.028376][ T6038] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6039] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6038] <... mount resumed>) = 0 [pid 6037] <... write resumed>) = 2097152 [pid 6036] <... munmap resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6038] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6037] munmap(0x7f362c399000, 2097152 [pid 6036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5014] newfstatat(AT_FDCWD, "./162/binderfs", [pid 6039] memfd_create("syzkaller", 0) = 6 [pid 6038] <... openat resumed>) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6038] chdir("\x2e\x02" [pid 6037] <... munmap resumed>) = 0 [pid 6036] <... openat resumed>) = 7 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... chdir resumed>) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6036] ioctl(7, LOOP_SET_FD, 6 [pid 5014] unlink("./162/binderfs" [pid 6038] ioctl(4, LOOP_CLR_FD [pid 6037] <... openat resumed>) = 7 [pid 6036] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 188.084628][ T6040] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 5014] <... unlink resumed>) = 0 [pid 6038] <... ioctl resumed>) = 0 [pid 6037] ioctl(7, LOOP_SET_FD, 6 [pid 6038] close(4 [pid 6036] ioctl(7, LOOP_CLR_FD [pid 6037] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6038] <... close resumed>) = 0 [pid 6038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6037] ioctl(7, LOOP_CLR_FD [pid 6036] <... ioctl resumed>) = 0 [pid 5014] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6037] <... ioctl resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] <... open resumed>) = 4 [pid 6038] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", [pid 6037] ioctl(7, LOOP_SET_FD, 6 [pid 6036] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6038] <... mount resumed>) = 0 [pid 6037] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6036] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6038] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6037] close(7 [pid 6036] close(7 [pid 5014] umount2("\x2e\x2f\x31\x36\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] <... open resumed>) = 5 [pid 6037] <... close resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] openat(AT_FDCWD, NULL, O_RDWR [pid 6037] close(6 [pid 6036] close(6 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5014] newfstatat(4, "", [pid 6038] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6039] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6038] ftruncate(-1, 2 [pid 6036] <... close resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6038] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5014] getdents64(4, [pid 6038] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6038] <... mmap resumed>) = 0x20000000 [pid 6038] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5014] getdents64(4, [pid 6038] <... open resumed>) = -1 EFAULT (Bad address) [pid 5014] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6038] memfd_create("syzkaller", 0 [pid 5014] close(4 [pid 6038] <... memfd_create resumed>) = 6 [pid 5014] <... close resumed>) = 0 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] rmdir("\x2e\x2f\x31\x36\x32\x2f\x2e\x02" [pid 6038] <... mmap resumed>) = 0x7f362c399000 [pid 5014] <... rmdir resumed>) = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [ 188.129101][ T6040] UDF-fs: Scanning with blocksize 512 failed [pid 5014] rmdir("./162" [pid 6037] <... close resumed>) = 0 [pid 6036] exit_group(0) = ? [pid 6037] exit_group(0 [pid 5014] <... rmdir resumed>) = 0 [pid 5014] mkdir("./163", 0777 [pid 6037] <... exit_group resumed>) = ? [pid 5014] <... mkdir resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3) = 0 [pid 6037] +++ exited with 0 +++ [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 6036] +++ exited with 0 +++ [pid 5019] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6041 [pid 5015] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5019] umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6041 attached ) = 3 [pid 5015] umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] newfstatat(3, "", [pid 6041] set_robust_list(0x555557506760, 24 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] getdents64(3, [pid 5015] openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6041] <... set_robust_list resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... openat resumed>) = 3 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] newfstatat(3, "", [pid 5019] newfstatat(AT_FDCWD, "./171/binderfs", [pid 6041] chdir("./163" [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6041] <... chdir resumed>) = 0 [pid 6040] <... mount resumed>) = 0 [pid 5019] unlink("./171/binderfs" [pid 5015] getdents64(3, [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6040] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... unlink resumed>) = 0 [pid 6041] <... prctl resumed>) = 0 [pid 6040] <... openat resumed>) = 3 [pid 5019] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6041] setpgid(0, 0 [pid 6040] chdir("\x2e\x02" [pid 5015] umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6041] <... setpgid resumed>) = 0 [pid 6040] <... chdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 188.185727][ T6040] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6040] ioctl(4, LOOP_CLR_FD [pid 5015] newfstatat(AT_FDCWD, "./167/binderfs", [pid 6041] <... openat resumed>) = 3 [pid 6040] <... ioctl resumed>) = 0 [pid 6039] <... write resumed>) = 2097152 [pid 5019] <... umount2 resumed>) = 0 [pid 6041] write(3, "1000", 4 [pid 6040] close(4 [pid 5019] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6041] <... write resumed>) = 4 [pid 6040] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] unlink("./167/binderfs" [pid 6041] close(3 [pid 6040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x31\x2f\x2e\x02", [pid 6041] <... close resumed>) = 0 [pid 6040] <... open resumed>) = 4 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... unlink resumed>) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs" [pid 6040] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6041] <... symlink resumed>) = 0 [pid 6040] <... mount resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6041] memfd_create("syzkaller", 0 [pid 6040] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6041] <... memfd_create resumed>) = 3 [pid 6040] <... open resumed>) = 5 [pid 5019] <... openat resumed>) = 4 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] openat(AT_FDCWD, NULL, O_RDWR [pid 5019] newfstatat(4, "", [pid 6041] <... mmap resumed>) = 0x7f3634699000 [pid 6040] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6040] ftruncate(-1, 2 [pid 5019] getdents64(4, [pid 6040] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6040] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] getdents64(4, [pid 6040] <... mmap resumed>) = 0x20000000 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6040] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] close(4 [pid 6040] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] <... close resumed>) = 0 [pid 6040] memfd_create("syzkaller", 0 [pid 5019] rmdir("\x2e\x2f\x31\x37\x31\x2f\x2e\x02" [pid 6040] <... memfd_create resumed>) = 6 [pid 6039] munmap(0x7f362c399000, 2097152 [pid 5019] <... rmdir resumed>) = 0 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6038] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] getdents64(3, [pid 5015] <... umount2 resumed>) = 0 [pid 6040] <... mmap resumed>) = 0x7f362c399000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6041] <... write resumed>) = 1048576 [pid 5019] close(3 [pid 5015] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./171" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... rmdir resumed>) = 0 [pid 5019] mkdir("./172", 0777 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", [pid 5019] <... mkdir resumed>) = 0 [pid 6039] <... munmap resumed>) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5019] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] <... openat resumed>) = 7 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6039] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] close(3 [pid 5015] <... openat resumed>) = 4 [pid 6039] ioctl(7, LOOP_CLR_FD [pid 5019] <... close resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 6039] <... ioctl resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] getdents64(4, [pid 6041] munmap(0x7f3634699000, 1048576 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6042 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(4, [pid 6039] ioctl(7, LOOP_SET_FD, 6 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6042 attached [pid 6041] <... munmap resumed>) = 0 [pid 6039] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] close(4 [pid 6042] set_robust_list(0x555557506760, 24 [pid 6039] close(7 [pid 5015] <... close resumed>) = 0 [pid 6042] <... set_robust_list resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x37\x2f\x2e\x02" [pid 6042] chdir("./172" [pid 6039] close(6 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5015] <... rmdir resumed>) = 0 [pid 6042] <... chdir resumed>) = 0 [pid 6041] <... openat resumed>) = 4 [pid 6039] <... close resumed>) = 0 [pid 5015] getdents64(3, [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6042] <... prctl resumed>) = 0 [pid 6041] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] close(3 [pid 6042] setpgid(0, 0 [pid 5015] <... close resumed>) = 0 [pid 6042] <... setpgid resumed>) = 0 [pid 6041] ioctl(4, LOOP_CLR_FD [pid 5015] rmdir("./167" [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6041] <... ioctl resumed>) = 0 [pid 6038] <... write resumed>) = 2097152 [pid 5015] <... rmdir resumed>) = 0 [pid 6042] <... openat resumed>) = 3 [pid 5015] mkdir("./168", 0777 [pid 6042] write(3, "1000", 4 [pid 5015] <... mkdir resumed>) = 0 [pid 6042] <... write resumed>) = 4 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6042] close(3 [pid 5015] <... openat resumed>) = 3 [pid 6042] <... close resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6042] symlink("/dev/binderfs", "./binderfs" [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6042] <... symlink resumed>) = 0 [pid 5015] close(3 [pid 6042] memfd_create("syzkaller", 0 [pid 5015] <... close resumed>) = 0 [pid 6042] <... memfd_create resumed>) = 3 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6039] exit_group(0 [pid 6042] <... mmap resumed>) = 0x7f3634699000 [pid 6039] <... exit_group resumed>) = ? [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6043 [pid 6038] munmap(0x7f362c399000, 2097152 [pid 6039] +++ exited with 0 +++ [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6040] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6043 attached [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 6043] set_robust_list(0x555557506760, 24 [pid 6041] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 6043] <... set_robust_list resumed>) = 0 [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6041] close(4 [pid 5016] <... restart_syscall resumed>) = 0 [pid 6043] chdir("./168" [pid 6041] <... close resumed>) = 0 [pid 6038] <... munmap resumed>) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 6041] close(3 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... prctl resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] setpgid(0, 0 [pid 5016] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] <... setpgid resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] newfstatat(3, "", [pid 6043] <... openat resumed>) = 3 [pid 6041] <... close resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6043] write(3, "1000", 4 [pid 6041] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] getdents64(3, [pid 6043] <... write resumed>) = 4 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6043] close(3 [pid 6041] <... open resumed>) = 3 [pid 5016] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... close resumed>) = 0 [pid 6038] <... openat resumed>) = 7 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] symlink("/dev/binderfs", "./binderfs" [pid 6041] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6038] ioctl(7, LOOP_SET_FD, 6 [pid 5016] newfstatat(AT_FDCWD, "./165/binderfs", [pid 6043] <... symlink resumed>) = 0 [pid 6042] <... write resumed>) = 1048576 [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6043] memfd_create("syzkaller", 0 [pid 6042] munmap(0x7f3634699000, 1048576 [pid 6041] <... mount resumed>) = 0 [pid 6038] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] unlink("./165/binderfs" [pid 6043] <... memfd_create resumed>) = 3 [pid 5016] <... unlink resumed>) = 0 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... mmap resumed>) = 0x7f3634699000 [pid 6042] <... munmap resumed>) = 0 [pid 6041] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6040] <... write resumed>) = 2097152 [pid 6038] ioctl(7, LOOP_CLR_FD [pid 5016] <... umount2 resumed>) = 0 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6042] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6041] <... open resumed>) = 4 [pid 6040] munmap(0x7f362c399000, 2097152 [pid 6038] <... ioctl resumed>) = 0 [pid 6042] <... openat resumed>) = 4 [pid 6041] openat(AT_FDCWD, NULL, O_RDWR [pid 6040] <... munmap resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", [pid 6042] ioctl(4, LOOP_SET_FD, 3 [pid 6041] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5016] close(4) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02") = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5016] close(3) = 0 [pid 6041] ftruncate(-1, 2 [pid 5016] rmdir("./165" [pid 6042] <... ioctl resumed>) = 0 [pid 6041] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6040] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6038] ioctl(7, LOOP_SET_FD, 6 [pid 5016] <... rmdir resumed>) = 0 [pid 6043] <... write resumed>) = 1048576 [pid 6042] close(3 [pid 6041] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 6040] <... openat resumed>) = 7 [pid 6038] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] mkdir("./166", 0777 [pid 6041] <... mmap resumed>) = 0x20000000 [pid 6038] close(7 [pid 6040] ioctl(7, LOOP_SET_FD, 6 [pid 6042] <... close resumed>) = 0 [pid 5016] <... mkdir resumed>) = 0 [pid 6038] <... close resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5016] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5016] close(3) = 0 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6043] munmap(0x7f3634699000, 1048576 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6044 [pid 6043] <... munmap resumed>) = 0 [pid 6041] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6038] close(6 [pid 6041] <... open resumed>) = -1 EFAULT (Bad address) [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] <... close resumed>) = 0 [pid 6041] memfd_create("syzkaller", 0) = 5 [pid 6040] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6044 attached [pid 6042] mkdir("\x2e\x02", 0777 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] ioctl(7, LOOP_CLR_FD [pid 6044] set_robust_list(0x555557506760, 24 [pid 6042] <... mkdir resumed>) = 0 [pid 6041] <... mmap resumed>) = 0x7f362c399000 [pid 6040] <... ioctl resumed>) = 0 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6044] chdir("./166") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0 [pid 6042] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6044] <... setpgid resumed>) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6040] ioctl(7, LOOP_SET_FD, 6 [pid 6044] <... openat resumed>) = 3 [pid 6040] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6044] write(3, "1000", 4 [pid 6040] close(7 [pid 6038] exit_group(0 [pid 6044] <... write resumed>) = 4 [pid 6040] <... close resumed>) = 0 [pid 6044] close(3 [pid 6040] close(6 [pid 6044] <... close resumed>) = 0 [pid 6043] close(3 [pid 6044] symlink("/dev/binderfs", "./binderfs" [pid 6043] <... close resumed>) = 0 [pid 6044] <... symlink resumed>) = 0 [pid 6043] mkdir("\x2e\x02", 0777 [pid 6044] memfd_create("syzkaller", 0 [pid 6043] <... mkdir resumed>) = 0 [pid 6044] <... memfd_create resumed>) = 3 [ 188.456684][ T6042] loop5: detected capacity change from 0 to 2048 [ 188.477301][ T6043] loop1: detected capacity change from 0 to 2048 [pid 6043] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6038] <... exit_group resumed>) = ? [pid 6044] <... write resumed>) = 1048576 [pid 6038] +++ exited with 0 +++ [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5017] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6040] <... close resumed>) = 0 [pid 5017] umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6040] exit_group(0 [pid 5017] newfstatat(AT_FDCWD, "./166/binderfs", [pid 6040] <... exit_group resumed>) = ? [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./166/binderfs") = 0 [pid 6040] +++ exited with 0 +++ [pid 5017] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [ 188.524070][ T6042] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 188.545397][ T6043] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 188.561230][ T6042] UDF-fs: Scanning with blocksize 512 failed [pid 6041] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6044] munmap(0x7f3634699000, 1048576 [pid 5018] umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6044] <... munmap resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6044] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5018] newfstatat(3, "", [pid 6044] <... openat resumed>) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] ioctl(4, LOOP_SET_FD, 3 [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./170/binderfs") = 0 [ 188.588096][ T6043] UDF-fs: Scanning with blocksize 512 failed [ 188.616565][ T6042] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.616610][ T6043] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5018] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6041] <... write resumed>) = 2097152 [pid 5017] <... umount2 resumed>) = 0 [pid 6041] munmap(0x7f362c399000, 2097152) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 6041] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6041] ioctl(6, LOOP_CLR_FD) = 0 [pid 6041] ioctl(6, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 6041] close(6) = 0 [pid 6041] close(5 [pid 5017] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6042] <... mount resumed>) = 0 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6042] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5018] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6042] <... openat resumed>) = 3 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... openat resumed>) = 4 [pid 6044] <... ioctl resumed>) = 0 [pid 6042] chdir("\x2e\x02" [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", [pid 6044] close(3 [pid 6042] <... chdir resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] newfstatat(4, "", [pid 6042] ioctl(4, LOOP_CLR_FD [pid 5018] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6042] <... ioctl resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6042] close(4 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6042] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 6042] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] getdents64(4, [pid 6044] <... close resumed>) = 0 [pid 6043] <... mount resumed>) = 0 [pid 6042] <... open resumed>) = 4 [pid 5018] getdents64(4, [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6042] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6042] <... mount resumed>) = 0 [pid 5018] getdents64(4, [pid 6042] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6042] <... open resumed>) = 5 [pid 5018] close(4 [pid 6042] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... close resumed>) = 0 [pid 6042] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5018] rmdir("\x2e\x2f\x31\x37\x30\x2f\x2e\x02" [pid 6044] mkdir("\x2e\x02", 0777 [pid 6043] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6042] ftruncate(-1, 2 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] getdents64(4, [pid 6042] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5018] getdents64(3, [pid 6042] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6044] <... mkdir resumed>) = 0 [pid 6043] <... openat resumed>) = 3 [pid 6042] <... mmap resumed>) = 0x20000000 [pid 5018] close(3 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [ 188.635661][ T6044] loop2: detected capacity change from 0 to 2048 [pid 6042] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... close resumed>) = 0 [pid 5017] close(4 [pid 6044] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6043] chdir("\x2e\x02" [pid 6042] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] rmdir("./170" [pid 5017] <... close resumed>) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 6042] memfd_create("syzkaller", 0 [pid 6041] <... close resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 6042] <... memfd_create resumed>) = 6 [pid 5018] mkdir("./171", 0777 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... mkdir resumed>) = 0 [pid 6042] <... mmap resumed>) = 0x7f362c399000 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6043] ioctl(4, LOOP_CLR_FD [pid 6041] exit_group(0 [pid 5018] <... openat resumed>) = 3 [pid 5017] rmdir("\x2e\x2f\x31\x36\x36\x2f\x2e\x02" [pid 5018] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5018] close(3) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 6045 ./strace-static-x86_64: Process 6045 attached [pid 6045] set_robust_list(0x555557506760, 24) = 0 [pid 6045] chdir("./171") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs" [pid 6043] <... ioctl resumed>) = 0 [pid 6041] <... exit_group resumed>) = ? [pid 5017] <... rmdir resumed>) = 0 [pid 6045] <... symlink resumed>) = 0 [pid 6045] memfd_create("syzkaller", 0 [pid 6041] +++ exited with 0 +++ [pid 6043] close(4 [pid 5017] getdents64(3, [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5014] umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... close resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] <... mount resumed>) = 0 [pid 6043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] close(3 [pid 5014] getdents64(3, [pid 6045] <... memfd_create resumed>) = 3 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5014] umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6045] <... mmap resumed>) = 0x7f3634699000 [pid 5014] <... umount2 resumed>) = 0 [pid 6044] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5017] <... close resumed>) = 0 [pid 6043] <... open resumed>) = 4 [pid 5014] umount2("./163/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6044] <... openat resumed>) = 3 [pid 6043] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] rmdir("./166" [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6044] chdir("\x2e\x02" [pid 6043] <... mount resumed>) = 0 [pid 5014] newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] unlink("./163/bus") = 0 [pid 5014] umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] newfstatat(AT_FDCWD, "./163/binderfs", [pid 5017] <... rmdir resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6044] <... chdir resumed>) = 0 [pid 6043] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5014] unlink("./163/binderfs") = 0 [pid 5014] getdents64(3, [pid 6044] ioctl(4, LOOP_CLR_FD [pid 6043] <... open resumed>) = 5 [pid 5017] mkdir("./167", 0777 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./163" [pid 6044] <... ioctl resumed>) = 0 [pid 6043] openat(AT_FDCWD, NULL, O_RDWR [pid 5014] <... rmdir resumed>) = 0 [pid 5014] mkdir("./164", 0777 [pid 6044] close(4 [pid 6043] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5017] <... mkdir resumed>) = 0 [pid 5014] <... mkdir resumed>) = 0 [pid 6044] <... close resumed>) = 0 [pid 6043] ftruncate(-1, 2 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6044] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6043] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] <... openat resumed>) = 3 [pid 5014] <... openat resumed>) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD) = 0 [pid 5014] close(3 [pid 6043] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5014] <... close resumed>) = 0 [pid 6044] <... open resumed>) = 4 [pid 6043] <... mmap resumed>) = 0x20000000 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6044] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6043] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6044] <... mount resumed>) = 0 [pid 6043] <... open resumed>) = -1 EFAULT (Bad address) [pid 6042] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6046 [pid 6044] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] close(3 [pid 6043] memfd_create("syzkaller", 0 [pid 6044] <... open resumed>) = 5 [pid 5017] <... close resumed>) = 0 [pid 6044] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6044] ftruncate(-1, 2 [pid 6043] <... memfd_create resumed>) = 6 [ 188.674226][ T6044] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 188.683184][ T6044] UDF-fs: Scanning with blocksize 512 failed [ 188.693136][ T6044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 6046 attached [pid 6044] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6046] set_robust_list(0x555557506760, 24 [pid 6044] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6043] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6047 [pid 6046] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x555557506760, 24) = 0 [pid 6047] chdir("./167" [pid 6044] <... mmap resumed>) = 0x20000000 [pid 6047] <... chdir resumed>) = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] setpgid(0, 0 [pid 6046] chdir("./164" [pid 6047] <... setpgid resumed>) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6046] <... chdir resumed>) = 0 [pid 6044] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6047] <... openat resumed>) = 3 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6044] <... open resumed>) = -1 EFAULT (Bad address) [pid 6047] write(3, "1000", 4) = 4 [pid 6046] <... prctl resumed>) = 0 [pid 6045] <... write resumed>) = 1048576 [pid 6047] close(3 [pid 6044] memfd_create("syzkaller", 0 [pid 6047] <... close resumed>) = 0 [pid 6046] setpgid(0, 0 [pid 6047] symlink("/dev/binderfs", "./binderfs" [pid 6044] <... memfd_create resumed>) = 6 [pid 6047] <... symlink resumed>) = 0 [pid 6046] <... setpgid resumed>) = 0 [pid 6045] munmap(0x7f3634699000, 1048576 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6047] memfd_create("syzkaller", 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6045] <... munmap resumed>) = 0 [pid 6044] <... mmap resumed>) = 0x7f362c399000 [pid 6047] <... memfd_create resumed>) = 3 [pid 6046] <... openat resumed>) = 3 [pid 6045] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6046] write(3, "1000", 4 [pid 6045] <... openat resumed>) = 4 [pid 6047] <... mmap resumed>) = 0x7f3634699000 [pid 6046] <... write resumed>) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6045] <... ioctl resumed>) = 0 [pid 6045] close(3) = 0 [ 188.802847][ T6045] loop4: detected capacity change from 0 to 2048 [pid 6045] mkdir("\x2e\x02", 0777 [pid 6047] <... write resumed>) = 1048576 [pid 6045] <... mkdir resumed>) = 0 [pid 6042] <... write resumed>) = 2097152 [pid 6045] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6044] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6043] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6042] munmap(0x7f362c399000, 2097152) = 0 [pid 6047] munmap(0x7f3634699000, 1048576) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3 [pid 6042] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 7 [pid 6042] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6042] ioctl(7, LOOP_CLR_FD) = 0 [pid 6046] <... write resumed>) = 1048576 [pid 6042] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6042] close(7) = 0 [pid 6042] close(6 [pid 6046] munmap(0x7f3634699000, 1048576 [pid 6043] <... write resumed>) = 2097152 [pid 6047] <... ioctl resumed>) = 0 [pid 6047] close(3) = 0 [pid 6047] mkdir("\x2e\x02", 0777 [pid 6046] <... munmap resumed>) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 6047] <... mkdir resumed>) = 0 [pid 6047] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 6046] ioctl(4, LOOP_CLR_FD) = 0 [pid 6042] <... close resumed>) = 0 [pid 6042] exit_group(0) = ? [pid 6046] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [ 188.876650][ T6045] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 188.894199][ T6047] loop3: detected capacity change from 0 to 2048 [ 188.904934][ T6045] UDF-fs: Scanning with blocksize 512 failed [pid 6046] close(4) = 0 [pid 6044] <... write resumed>) = 2097152 [pid 6043] munmap(0x7f362c399000, 2097152 [pid 6046] close(3 [pid 6044] munmap(0x7f362c399000, 2097152 [pid 6043] <... munmap resumed>) = 0 [pid 6045] <... mount resumed>) = 0 [pid 6046] <... close resumed>) = 0 [pid 6045] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6044] <... munmap resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6042] +++ exited with 0 +++ [pid 6046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6045] <... openat resumed>) = 3 [pid 6044] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6043] <... openat resumed>) = 7 [pid 6046] <... open resumed>) = 3 [pid 6045] chdir("\x2e\x02" [pid 6044] <... openat resumed>) = 7 [pid 6043] ioctl(7, LOOP_SET_FD, 6 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 6046] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6045] <... chdir resumed>) = 0 [pid 6044] ioctl(7, LOOP_SET_FD, 6 [pid 6043] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 6046] <... mount resumed>) = 0 [pid 6045] ioctl(4, LOOP_CLR_FD [pid 6044] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6043] ioctl(7, LOOP_CLR_FD [pid 5019] <... restart_syscall resumed>) = 0 [pid 6046] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6045] <... ioctl resumed>) = 0 [pid 6044] ioctl(7, LOOP_CLR_FD [pid 6043] <... ioctl resumed>) = 0 [pid 6045] close(4 [pid 6044] <... ioctl resumed>) = 0 [pid 6046] <... open resumed>) = 4 [pid 5019] umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6046] openat(AT_FDCWD, NULL, O_RDWR [pid 6045] <... close resumed>) = 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6045] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6046] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5019] openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] ioctl(7, LOOP_SET_FD, 6 [pid 6044] ioctl(7, LOOP_SET_FD, 6 [pid 6043] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 188.956046][ T6045] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 188.963703][ T6047] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 188.976256][ T6047] UDF-fs: Scanning with blocksize 512 failed [pid 5019] <... openat resumed>) = 3 [pid 6046] ftruncate(-1, 2 [pid 6045] <... open resumed>) = 4 [pid 6044] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6043] close(7 [pid 5019] newfstatat(3, "", [pid 6046] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6045] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6044] close(7 [pid 6043] <... close resumed>) = 0 [pid 6046] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 6044] <... close resumed>) = 0 [pid 6045] <... mount resumed>) = 0 [pid 6047] <... mount resumed>) = 0 [pid 6046] <... mmap resumed>) = 0x20000000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6044] close(6 [pid 6043] close(6 [pid 5019] getdents64(3, [pid 6047] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("\x2e\x02") = 0 [pid 6047] ioctl(4, LOOP_CLR_FD) = 0 [pid 6047] close(4) = 0 [pid 6047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5019] newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] unlink("./172/binderfs") = 0 [pid 5019] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6046] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6045] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6043] <... close resumed>) = 0 [pid 6046] <... open resumed>) = -1 EFAULT (Bad address) [pid 6045] <... open resumed>) = 5 [pid 6045] openat(AT_FDCWD, NULL, O_RDWR [pid 6046] memfd_create("syzkaller", 0) = 5 [pid 6045] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6045] ftruncate(-1, 2 [pid 6046] <... mmap resumed>) = 0x7f362c399000 [pid 6045] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6045] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6047] <... open resumed>) = 4 [pid 6045] <... mmap resumed>) = 0x20000000 [pid 6045] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6045] memfd_create("syzkaller", 0 [pid 6047] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6045] <... memfd_create resumed>) = 6 [pid 6047] <... mount resumed>) = 0 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6047] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6045] <... mmap resumed>) = 0x7f362c399000 [pid 6047] <... open resumed>) = 5 [pid 5019] <... umount2 resumed>) = 0 [pid 6047] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6047] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 5019] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6047] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] <... mmap resumed>) = 0x20000000 [ 188.998938][ T6047] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x32\x2f\x2e\x02", [pid 6047] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6047] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6047] memfd_create("syzkaller", 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6047] <... memfd_create resumed>) = 6 [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5019] <... openat resumed>) = 4 [pid 6047] <... mmap resumed>) = 0x7f362c399000 [pid 5019] newfstatat(4, "", [pid 6044] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6043] exit_group(0 [pid 5019] getdents64(4, [pid 6044] exit_group(0 [pid 6043] <... exit_group resumed>) = ? [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6044] <... exit_group resumed>) = ? [pid 6043] +++ exited with 0 +++ [pid 5019] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] close(4 [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("\x2e\x2f\x31\x37\x32\x2f\x2e\x02" [pid 5015] umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6044] +++ exited with 0 +++ [pid 5019] <... rmdir resumed>) = 0 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] getdents64(3, [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5015] openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... openat resumed>) = 3 [pid 5019] close(3 [pid 5015] newfstatat(3, "", [pid 5019] <... close resumed>) = 0 [pid 5019] rmdir("./172" [pid 5016] umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... rmdir resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(3, [pid 5019] mkdir("./173", 0777 [pid 5016] openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] <... mkdir resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5015] umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5016] newfstatat(3, "", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... openat resumed>) = 3 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] newfstatat(AT_FDCWD, "./168/binderfs", [pid 5019] ioctl(3, LOOP_CLR_FD [pid 5016] getdents64(3, [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] unlink("./168/binderfs" [pid 5019] close(3 [pid 5016] umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... close resumed>) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... unlink resumed>) = 0 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6048 [pid 5016] newfstatat(AT_FDCWD, "./166/binderfs", [pid 5015] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./166/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6046] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6047] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6048 attached [pid 6048] set_robust_list(0x555557506760, 24 [pid 6045] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5016] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 6048] <... set_robust_list resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6048] chdir("./173" [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] <... chdir resumed>) = 0 [pid 6046] <... write resumed>) = 2097152 [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6048] <... prctl resumed>) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6046] munmap(0x7f362c399000, 2097152 [pid 5016] umount2("\x2e\x2f\x31\x36\x36\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6048] setpgid(0, 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6046] <... munmap resumed>) = 0 [pid 6048] <... setpgid resumed>) = 0 [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x36\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6048] <... openat resumed>) = 3 [pid 5016] <... openat resumed>) = 4 [pid 5015] <... openat resumed>) = 4 [pid 5016] newfstatat(4, "", [pid 6048] write(3, "1000", 4 [pid 5015] newfstatat(4, "", [pid 6048] <... write resumed>) = 4 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6048] close(3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6048] <... close resumed>) = 0 [pid 5016] getdents64(4, [pid 6048] symlink("/dev/binderfs", "./binderfs" [pid 6046] <... openat resumed>) = 6 [pid 5015] getdents64(4, [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6048] <... symlink resumed>) = 0 [pid 5016] getdents64(4, [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6048] memfd_create("syzkaller", 0 [pid 6046] ioctl(6, LOOP_SET_FD, 5 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(4, [pid 6048] <... memfd_create resumed>) = 3 [pid 6046] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] close(4 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6046] ioctl(6, LOOP_CLR_FD [pid 5016] <... close resumed>) = 0 [pid 5015] close(4 [pid 6048] <... mmap resumed>) = 0x7f3634699000 [pid 6046] <... ioctl resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x36\x2f\x2e\x02" [pid 5015] <... close resumed>) = 0 [pid 6048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x38\x2f\x2e\x02" [pid 5016] getdents64(3, [pid 5015] <... rmdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5016] close(3 [pid 6046] ioctl(6, LOOP_SET_FD, 5 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6046] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6045] <... write resumed>) = 2097152 [pid 5016] <... close resumed>) = 0 [pid 5015] close(3 [pid 6048] <... write resumed>) = 1048576 [pid 6047] <... write resumed>) = 2097152 [pid 6046] close(6 [pid 6045] munmap(0x7f362c399000, 2097152 [pid 5016] rmdir("./166" [pid 5015] <... close resumed>) = 0 [pid 6048] munmap(0x7f3634699000, 1048576 [pid 6047] munmap(0x7f362c399000, 2097152 [pid 6046] <... close resumed>) = 0 [pid 6045] <... munmap resumed>) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 5015] rmdir("./168" [pid 6048] <... munmap resumed>) = 0 [pid 6046] close(5 [pid 6045] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5016] mkdir("./167", 0777 [pid 5015] <... rmdir resumed>) = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6047] <... munmap resumed>) = 0 [pid 6045] <... openat resumed>) = 7 [pid 5016] <... mkdir resumed>) = 0 [pid 5015] mkdir("./169", 0777 [pid 6048] <... openat resumed>) = 4 [pid 6047] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6045] ioctl(7, LOOP_SET_FD, 6 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5015] <... mkdir resumed>) = 0 [pid 6048] ioctl(4, LOOP_SET_FD, 3 [pid 6047] <... openat resumed>) = 7 [pid 6045] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5016] <... openat resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6045] ioctl(7, LOOP_CLR_FD [pid 5016] ioctl(3, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 6045] <... ioctl resumed>) = 0 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6046] <... close resumed>) = 0 [pid 5016] close(3 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6047] ioctl(7, LOOP_SET_FD, 6 [pid 6046] exit_group(0 [pid 5016] <... close resumed>) = 0 [pid 5015] close(3 [pid 6048] <... ioctl resumed>) = 0 [pid 6047] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6046] <... exit_group resumed>) = ? [pid 6045] ioctl(7, LOOP_SET_FD, 6 [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... close resumed>) = 0 [pid 6047] ioctl(7, LOOP_CLR_FD [pid 6045] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6047] <... ioctl resumed>) = 0 [pid 6046] +++ exited with 0 +++ [pid 6045] close(7 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6049 [pid 6045] <... close resumed>) = 0 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6050 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 6045] close(6 [pid 6047] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6047] close(7./strace-static-x86_64: Process 6050 attached ./strace-static-x86_64: Process 6049 attached ) = 0 [pid 6050] set_robust_list(0x555557506760, 24 [pid 6049] set_robust_list(0x555557506760, 24 [pid 6047] close(6 [pid 6045] <... close resumed>) = 0 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6049] <... set_robust_list resumed>) = 0 [pid 6050] chdir("./169" [pid 6049] chdir("./167" [pid 6050] <... chdir resumed>) = 0 [pid 6049] <... chdir resumed>) = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6050] <... prctl resumed>) = 0 [pid 6049] <... prctl resumed>) = 0 [pid 6050] setpgid(0, 0 [pid 6049] setpgid(0, 0 [pid 6045] exit_group(0 [pid 6050] <... setpgid resumed>) = 0 [pid 6049] <... setpgid resumed>) = 0 [pid 6045] <... exit_group resumed>) = ? [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6045] +++ exited with 0 +++ [pid 5014] umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6050] <... openat resumed>) = 3 [pid 6049] <... openat resumed>) = 3 [pid 6048] close(3 [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] write(3, "1000", 4 [pid 6049] write(3, "1000", 4 [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5014] openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] <... write resumed>) = 4 [pid 6049] <... write resumed>) = 4 [pid 6048] <... close resumed>) = 0 [pid 5018] <... restart_syscall resumed>) = 0 [pid 6050] close(3 [pid 6049] close(3 [pid 5014] <... openat resumed>) = 3 [pid 6050] <... close resumed>) = 0 [pid 6049] <... close resumed>) = 0 [pid 6048] mkdir("\x2e\x02", 0777 [pid 6050] symlink("/dev/binderfs", "./binderfs" [ 189.219220][ T6048] loop5: detected capacity change from 0 to 2048 [pid 6049] symlink("/dev/binderfs", "./binderfs" [pid 5014] newfstatat(3, "", [pid 6050] <... symlink resumed>) = 0 [pid 6049] <... symlink resumed>) = 0 [pid 6048] <... mkdir resumed>) = 0 [pid 5018] umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6050] memfd_create("syzkaller", 0 [pid 6049] memfd_create("syzkaller", 0 [pid 6048] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6050] <... memfd_create resumed>) = 3 [pid 6049] <... memfd_create resumed>) = 3 [pid 5018] openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] getdents64(3, [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... openat resumed>) = 3 [pid 6050] <... mmap resumed>) = 0x7f3634699000 [pid 6049] <... mmap resumed>) = 0x7f3634699000 [pid 5018] newfstatat(3, "", [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6047] <... close resumed>) = 0 [pid 6047] exit_group(0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6047] <... exit_group resumed>) = ? [pid 5018] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... umount2 resumed>) = 0 [pid 5018] umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] umount2("./164/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] newfstatat(AT_FDCWD, "./171/binderfs", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] unlink("./171/binderfs" [pid 5014] newfstatat(AT_FDCWD, "./164/bus", [pid 5018] <... unlink resumed>) = 0 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] unlink("./164/bus" [pid 5018] <... umount2 resumed>) = 0 [pid 6049] <... write resumed>) = 1048576 [pid 5018] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... unlink resumed>) = 0 [pid 5014] umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x31\x2f\x2e\x02", [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5014] newfstatat(AT_FDCWD, "./164/binderfs", [pid 6050] <... write resumed>) = 1048576 [pid 5018] umount2("\x2e\x2f\x31\x37\x31\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] unlink("./164/binderfs" [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x31\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5014] <... unlink resumed>) = 0 [pid 5018] <... openat resumed>) = 4 [pid 5014] getdents64(3, [pid 5018] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] getdents64(4, [pid 5014] close(3 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] <... close resumed>) = 0 [pid 5018] getdents64(4, [pid 5014] rmdir("./164" [pid 6049] munmap(0x7f3634699000, 1048576 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6050] munmap(0x7f3634699000, 1048576 [pid 6049] <... munmap resumed>) = 0 [pid 5018] close(4 [pid 5014] <... rmdir resumed>) = 0 [pid 6050] <... munmap resumed>) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6047] +++ exited with 0 +++ [pid 5018] <... close resumed>) = 0 [pid 5014] mkdir("./165", 0777 [pid 6049] <... openat resumed>) = 4 [pid 5018] rmdir("\x2e\x2f\x31\x37\x31\x2f\x2e\x02" [pid 6050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6049] ioctl(4, LOOP_SET_FD, 3 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [ 189.304974][ T6048] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 189.315249][ T6048] UDF-fs: Scanning with blocksize 512 failed [pid 6050] <... openat resumed>) = 4 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] restart_syscall(<... resuming interrupted clone ...> [pid 5014] <... mkdir resumed>) = 0 [pid 6050] ioctl(4, LOOP_SET_FD, 3 [pid 5018] getdents64(3, [pid 5017] <... restart_syscall resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5018] close(3 [pid 5017] umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5017] newfstatat(3, "", [pid 5018] <... close resumed>) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 5018] rmdir("./171" [pid 5017] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5018] <... rmdir resumed>) = 0 [pid 5017] umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] mkdir("./172", 0777 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5014] close(3 [pid 5017] newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./167/binderfs" [pid 5018] <... mkdir resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6048] <... mount resumed>) = 0 [pid 6048] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5018] <... openat resumed>) = 3 [pid 6048] chdir("\x2e\x02" [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5014] <... clone resumed>, child_tidptr=0x555557506750) = 6051 [pid 6048] <... chdir resumed>) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... umount2 resumed>) = 0 [pid 6048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(3 [pid 5017] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6048] close(4 [pid 5018] <... close resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... ioctl resumed>) = 0 [pid 6048] <... close resumed>) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", [pid 6050] close(3 [pid 6048] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6050] <... close resumed>) = 0 [pid 6048] <... open resumed>) = 4 [pid 5017] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6050] mkdir("\x2e\x02", 0777 [pid 6048] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... mkdir resumed>) = 0 [pid 6048] <... mount resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6050] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 6048] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5017] <... openat resumed>) = 4 [pid 6048] <... open resumed>) = 5 [pid 5017] newfstatat(4, "", [pid 6048] openat(AT_FDCWD, NULL, O_RDWR [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6052 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6048] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6049] <... ioctl resumed>) = 0 [pid 5017] getdents64(4, [pid 6049] close(3 [pid 6048] ftruncate(-1, 2 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [ 189.353961][ T6049] loop2: detected capacity change from 0 to 2048 [ 189.362580][ T6050] loop1: detected capacity change from 0 to 2048 [ 189.374981][ T6048] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 6052 attached ./strace-static-x86_64: Process 6051 attached [pid 6049] <... close resumed>) = 0 [pid 6048] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] getdents64(4, [pid 6052] set_robust_list(0x555557506760, 24 [pid 6051] set_robust_list(0x555557506760, 24 [pid 6049] mkdir("\x2e\x02", 0777 [pid 6048] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6052] <... set_robust_list resumed>) = 0 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6049] <... mkdir resumed>) = 0 [pid 6048] <... mmap resumed>) = 0x20000000 [pid 5017] close(4 [pid 6052] chdir("./172" [pid 6048] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5017] <... close resumed>) = 0 [pid 6052] <... chdir resumed>) = 0 [pid 6048] <... open resumed>) = -1 EFAULT (Bad address) [pid 5017] rmdir("\x2e\x2f\x31\x36\x37\x2f\x2e\x02" [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6051] chdir("./165" [pid 6049] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 5017] <... rmdir resumed>) = 0 [pid 6052] <... prctl resumed>) = 0 [pid 6051] <... chdir resumed>) = 0 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 5017] getdents64(3, [pid 6052] setpgid(0, 0 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6052] <... setpgid resumed>) = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 5017] close(3 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6051] <... prctl resumed>) = 0 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 5017] <... close resumed>) = 0 [pid 6052] <... openat resumed>) = 3 [pid 6051] setpgid(0, 0 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 5017] rmdir("./167" [pid 6052] write(3, "1000", 4 [pid 6051] <... setpgid resumed>) = 0 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5017] <... rmdir resumed>) = 0 [pid 6052] <... write resumed>) = 4 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5017] mkdir("./168", 0777 [pid 6052] close(3 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5017] <... mkdir resumed>) = 0 [pid 6052] <... close resumed>) = 0 [pid 6048] memfd_create("syzkaller", 0 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6052] symlink("/dev/binderfs", "./binderfs" [pid 6048] <... memfd_create resumed>) = 6 [pid 5017] <... openat resumed>) = 3 [pid 6052] <... symlink resumed>) = 0 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5017] ioctl(3, LOOP_CLR_FD [pid 6052] memfd_create("syzkaller", 0 [pid 6048] <... mmap resumed>) = 0x7f362c399000 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6052] <... memfd_create resumed>) = 3 [pid 6048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5017] close(3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6048] exit_group(0 [pid 5017] <... close resumed>) = 0 [pid 6052] <... mmap resumed>) = 0x7f3634699000 [pid 6048] <... exit_group resumed>) = ? [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6048] +++ exited with 0 +++ [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6051] <... openat resumed>) = 3 [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6053 [ 189.428635][ T6050] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 189.452668][ T6049] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 189.468534][ T6050] UDF-fs: Scanning with blocksize 512 failed [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6053 attached [pid 6053] set_robust_list(0x555557506760, 24) = 0 [pid 6053] chdir("./168") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0 [pid 6052] <... write resumed>) = 1048576 [pid 6051] <... symlink resumed>) = 0 [pid 6053] <... setpgid resumed>) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6051] memfd_create("syzkaller", 0 [pid 6053] <... openat resumed>) = 3 [pid 6051] <... memfd_create resumed>) = 3 [pid 6049] <... mount resumed>) = 0 [pid 5019] umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] memfd_create("syzkaller", 0) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6049] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6051] <... mmap resumed>) = 0x7f3634699000 [pid 6049] <... openat resumed>) = 3 [pid 5019] openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6052] munmap(0x7f3634699000, 1048576 [pid 6053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] <... munmap resumed>) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5019] <... openat resumed>) = 3 [pid 6049] chdir("\x2e\x02" [pid 5019] newfstatat(3, "", [pid 6052] <... openat resumed>) = 4 [pid 6049] <... chdir resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 189.478891][ T6049] UDF-fs: Scanning with blocksize 512 failed [ 189.491913][ T6049] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.508308][ T6050] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6049] ioctl(4, LOOP_CLR_FD [pid 6052] <... ioctl resumed>) = 0 [pid 6051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6050] <... mount resumed>) = 0 [pid 5019] getdents64(3, [pid 6052] close(3) = 0 [pid 6052] mkdir("\x2e\x02", 0777 [pid 6049] <... ioctl resumed>) = 0 [pid 6052] <... mkdir resumed>) = 0 [pid 6052] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6051] <... write resumed>) = 1048576 [pid 6050] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6050] <... openat resumed>) = 3 [pid 6049] close(4 [pid 5019] umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6049] <... close resumed>) = 0 [pid 6050] chdir("\x2e\x02" [pid 6049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6050] <... chdir resumed>) = 0 [pid 6050] ioctl(4, LOOP_CLR_FD [pid 6049] <... open resumed>) = 4 [pid 5019] newfstatat(AT_FDCWD, "./173/binderfs", [pid 6049] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6050] <... ioctl resumed>) = 0 [pid 6050] close(4 [pid 6049] <... mount resumed>) = 0 [pid 5019] unlink("./173/binderfs" [pid 6050] <... close resumed>) = 0 [pid 6049] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5019] <... unlink resumed>) = 0 [pid 6050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6049] <... open resumed>) = 5 [pid 6049] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6050] <... open resumed>) = 4 [pid 6050] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6049] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6049] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6050] <... mount resumed>) = 0 [pid 6049] <... mmap resumed>) = 0x20000000 [pid 6049] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 6049] memfd_create("syzkaller", 0) = 6 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6050] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6049] <... mmap resumed>) = 0x7f362c399000 [pid 6050] <... open resumed>) = 5 [pid 6049] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6050] openat(AT_FDCWD, NULL, O_RDWR [pid 6049] exit_group(0 [pid 6050] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6049] <... exit_group resumed>) = ? [pid 6051] munmap(0x7f3634699000, 1048576 [pid 6050] ftruncate(-1, 2 [pid 6049] +++ exited with 0 +++ [pid 5019] <... umount2 resumed>) = 0 [ 189.527136][ T6052] loop4: detected capacity change from 0 to 2048 [ 189.544289][ T6052] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [pid 6053] <... write resumed>) = 1048576 [pid 6051] <... munmap resumed>) = 0 [pid 6050] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3 [pid 6050] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6053] munmap(0x7f3634699000, 1048576 [pid 5016] umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6053] <... munmap resumed>) = 0 [pid 6050] <... mmap resumed>) = 0x20000000 [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x33\x2f\x2e\x02", [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5016] openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6053] <... openat resumed>) = 4 [pid 6050] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... openat resumed>) = 3 [pid 6053] ioctl(4, LOOP_SET_FD, 3 [pid 6050] <... open resumed>) = -1 EFAULT (Bad address) [pid 5019] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, 0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5016] umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./167/binderfs") = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 6051] <... ioctl resumed>) = 0 [pid 6051] close(3) = 0 [pid 6051] mkdir("\x2e\x02", 0777 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", [pid 6051] <... mkdir resumed>) = 0 [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x37\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x37\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", [pid 5019] <... openat resumed>) = 4 [pid 6053] <... ioctl resumed>) = 0 [pid 5019] newfstatat(4, "", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6053] close(3 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6053] <... close resumed>) = 0 [pid 5019] getdents64(4, [pid 6053] mkdir("\x2e\x02", 0777 [pid 6051] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5016] getdents64(4, [pid 6053] <... mkdir resumed>) = 0 [pid 5019] getdents64(4, [pid 6053] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [ 189.571488][ T6051] loop0: detected capacity change from 0 to 2048 [ 189.595134][ T6053] loop3: detected capacity change from 0 to 2048 [ 189.597109][ T6052] UDF-fs: Scanning with blocksize 512 failed [ 189.602447][ T6050] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [pid 5019] close(4) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] rmdir("\x2e\x2f\x31\x37\x33\x2f\x2e\x02") = 0 [pid 5019] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5019] close(3) = 0 [pid 5019] rmdir("./173") = 0 [pid 5019] mkdir("./174", 0777) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5019] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5019] close(3) = 0 [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5016] getdents64(4, [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6054 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6054 attached [pid 6054] set_robust_list(0x555557506760, 24) = 0 [pid 6054] chdir("./174") = 0 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6054] setpgid(0, 0) = 0 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] close(4 [pid 6054] <... openat resumed>) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 6054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5016] <... close resumed>) = 0 [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 5016] rmdir("\x2e\x2f\x31\x36\x37\x2f\x2e\x02" [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6050] memfd_create("syzkaller", 0 [pid 6054] <... mmap resumed>) = 0x7f3634699000 [ 189.640629][ T6053] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 189.663287][ T6053] UDF-fs: Scanning with blocksize 512 failed [ 189.665918][ T6052] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.678930][ T6051] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [pid 6050] <... memfd_create resumed>) = 6 [pid 5016] <... rmdir resumed>) = 0 [pid 5016] getdents64(3, [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6052] <... mount resumed>) = 0 [pid 6050] <... mmap resumed>) = 0x7f362c399000 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6052] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 5016] close(3 [pid 6052] chdir("\x2e\x02" [pid 5016] <... close resumed>) = 0 [pid 6052] <... chdir resumed>) = 0 [pid 5016] rmdir("./167" [pid 6052] ioctl(4, LOOP_CLR_FD) = 0 [pid 5016] <... rmdir resumed>) = 0 [pid 6052] close(4 [pid 5016] mkdir("./168", 0777 [pid 6052] <... close resumed>) = 0 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] <... mkdir resumed>) = 0 [pid 6052] <... open resumed>) = 4 [pid 6052] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6052] <... mount resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 6054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6054] <... write resumed>) = 1048576 [pid 6052] <... open resumed>) = 5 [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6052] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5016] close(3 [pid 6052] ftruncate(-1, 2 [pid 5016] <... close resumed>) = 0 [pid 6052] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6052] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6052] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6055 [pid 6052] <... open resumed>) = -1 EFAULT (Bad address) [pid 6054] munmap(0x7f3634699000, 1048576 [pid 6052] memfd_create("syzkaller", 0) = 6 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6053] <... mount resumed>) = 0 [pid 6053] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("\x2e\x02") = 0 [ 189.701438][ T6051] UDF-fs: Scanning with blocksize 512 failed [ 189.725209][ T6053] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6053] ioctl(4, LOOP_CLR_FD [pid 6054] <... munmap resumed>) = 0 [pid 6053] <... ioctl resumed>) = 0 [pid 6053] close(4) = 0 ./strace-static-x86_64: Process 6055 attached [pid 6053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6055] set_robust_list(0x555557506760, 24 [pid 6054] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6053] <... open resumed>) = 4 [pid 6055] <... set_robust_list resumed>) = 0 [pid 6054] <... openat resumed>) = 4 [pid 6053] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6054] ioctl(4, LOOP_SET_FD, 3 [pid 6053] <... mount resumed>) = 0 [pid 6055] chdir("./168" [pid 6054] <... ioctl resumed>) = 0 [pid 6053] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6053] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6053] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6053] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 6053] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6055] <... chdir resumed>) = 0 [pid 6053] memfd_create("syzkaller", 0) = 6 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0 [pid 6054] close(3) = 0 [pid 6054] mkdir("\x2e\x02", 0777 [pid 6055] <... setpgid resumed>) = 0 [pid 6054] <... mkdir resumed>) = 0 [pid 6054] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] memfd_create("syzkaller", 0) = 3 [ 189.796138][ T6054] loop5: detected capacity change from 0 to 2048 [ 189.802809][ T6051] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 189.834485][ T6051] UDF-fs: Scanning with blocksize 1024 failed [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6050] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 4315764 [pid 6052] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2482399 [pid 6055] <... write resumed>) = 1048576 [ 189.848110][ T6054] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 189.886559][ T6054] UDF-fs: Scanning with blocksize 512 failed [pid 6055] munmap(0x7f3634699000, 1048576) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6053] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] <... write resumed>) = 2482399 [pid 6055] close(3) = 0 [pid 6055] mkdir("\x2e\x02", 0777) = 0 [ 189.907295][ T6051] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 189.927443][ T6055] loop2: detected capacity change from 0 to 2048 [ 189.937388][ T6054] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 189.944304][ T6051] UDF-fs: Scanning with blocksize 2048 failed [pid 6055] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6054] <... mount resumed>) = 0 [pid 6054] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6054] chdir("\x2e\x02") = 0 [pid 6054] ioctl(4, LOOP_CLR_FD) = 0 [pid 6054] close(4) = 0 [pid 6052] munmap(0x7f362c399000, 2482399 [pid 6054] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6054] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6054] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 6054] openat(AT_FDCWD, NULL, O_RDWR [pid 6053] <... write resumed>) = 2097152 [pid 6054] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6054] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6054] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6052] <... munmap resumed>) = 0 [pid 6054] <... mmap resumed>) = 0x20000000 [pid 6054] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = -1 EFAULT (Bad address) [pid 6053] munmap(0x7f362c399000, 2097152 [pid 6052] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6053] <... munmap resumed>) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6054] memfd_create("syzkaller", 0 [pid 6052] <... openat resumed>) = 7 [pid 6054] <... memfd_create resumed>) = 6 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f362c399000 [pid 6052] ioctl(7, LOOP_SET_FD, 6 [pid 6053] <... openat resumed>) = 7 [pid 6052] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6050] <... write resumed>) = 4315764 [pid 6053] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 6052] ioctl(7, LOOP_CLR_FD [pid 6053] ioctl(7, LOOP_CLR_FD) = 0 [pid 6052] <... ioctl resumed>) = 0 [pid 6052] ioctl(7, LOOP_SET_FD, 6 [pid 6053] ioctl(7, LOOP_SET_FD, 6 [pid 6052] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6053] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 189.963313][ T6055] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 189.972177][ T6051] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 189.996265][ T6055] UDF-fs: Scanning with blocksize 512 failed [ 190.003400][ T6051] UDF-fs: Scanning with blocksize 4096 failed [pid 6052] close(7 [pid 6053] close(7 [pid 6052] <... close resumed>) = 0 [pid 6051] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6050] munmap(0x7f362c399000, 4315764 [pid 6053] <... close resumed>) = 0 [pid 6052] close(6 [pid 6051] ioctl(4, LOOP_CLR_FD [pid 6053] close(6 [pid 6051] <... ioctl resumed>) = 0 [pid 6051] close(4) = 0 [pid 6051] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 6051] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6051] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 6051] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6051] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6051] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 6051] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6053] <... close resumed>) = 0 [pid 6051] <... open resumed>) = -1 EFAULT (Bad address) [pid 6053] exit_group(0) = ? [pid 6055] <... mount resumed>) = 0 [pid 6054] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6052] <... close resumed>) = 0 [pid 6051] memfd_create("syzkaller", 0 [pid 6050] <... munmap resumed>) = 0 [ 190.045968][ T6055] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6055] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6053] +++ exited with 0 +++ [pid 6052] exit_group(0 [pid 6051] <... memfd_create resumed>) = 5 [pid 6050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6055] <... openat resumed>) = 3 [pid 6052] <... exit_group resumed>) = ? [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6050] <... openat resumed>) = 7 [pid 6055] chdir("\x2e\x02" [pid 6052] +++ exited with 0 +++ [pid 6051] <... mmap resumed>) = 0x7f362c399000 [pid 6050] ioctl(7, LOOP_SET_FD, 6 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 6055] <... chdir resumed>) = 0 [pid 6050] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=7 /* 0.07 s */} --- [pid 5017] umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] ioctl(4, LOOP_CLR_FD [pid 6050] ioctl(7, LOOP_CLR_FD [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... ioctl resumed>) = 0 [pid 6050] <... ioctl resumed>) = 0 [pid 5017] openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] close(4 [pid 5017] <... openat resumed>) = 3 [pid 6055] <... close resumed>) = 0 [pid 5017] newfstatat(3, "", [pid 6055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6055] <... open resumed>) = 4 [pid 6054] <... write resumed>) = 2097152 [pid 6050] ioctl(7, LOOP_SET_FD, 6 [pid 5018] umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] getdents64(3, [pid 6055] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6050] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6055] <... mount resumed>) = 0 [pid 6054] munmap(0x7f362c399000, 2097152 [pid 6050] close(7 [pid 5018] openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6050] <... close resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... open resumed>) = 5 [pid 6050] close(6 [pid 5018] newfstatat(3, "", [pid 5017] newfstatat(AT_FDCWD, "./168/binderfs", [pid 6055] openat(AT_FDCWD, NULL, O_RDWR [pid 6054] <... munmap resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6055] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6054] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5018] getdents64(3, [pid 5017] unlink("./168/binderfs" [pid 6055] ftruncate(-1, 2 [pid 6054] <... openat resumed>) = 7 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... unlink resumed>) = 0 [pid 6055] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6054] ioctl(7, LOOP_SET_FD, 6 [pid 5018] umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6054] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... mmap resumed>) = 0x20000000 [pid 6054] ioctl(7, LOOP_CLR_FD [pid 5018] newfstatat(AT_FDCWD, "./172/binderfs", [pid 6055] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6054] <... ioctl resumed>) = 0 [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6055] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] unlink("./172/binderfs" [pid 6055] memfd_create("syzkaller", 0) = 6 [pid 5018] <... unlink resumed>) = 0 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6054] ioctl(7, LOOP_SET_FD, 6 [pid 5018] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] <... mmap resumed>) = 0x7f362c399000 [pid 6054] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6054] close(7) = 0 [pid 6054] close(6 [pid 5017] <... umount2 resumed>) = 0 [pid 6051] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5017] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6050] <... close resumed>) = 0 [pid 6054] <... close resumed>) = 0 [pid 6050] exit_group(0 [pid 5018] <... umount2 resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6054] exit_group(0 [pid 6050] <... exit_group resumed>) = ? [pid 5018] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", [pid 6054] <... exit_group resumed>) = ? [pid 6050] +++ exited with 0 +++ [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6054] +++ exited with 0 +++ [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x32\x2f\x2e\x02", [pid 5017] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5018] umount2("\x2e\x2f\x31\x37\x32\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] restart_syscall(<... resuming interrupted clone ...> [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... openat resumed>) = 4 [pid 5015] umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... restart_syscall resumed>) = 0 [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x32\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] newfstatat(4, "", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 4 [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] newfstatat(4, "", [pid 5017] getdents64(4, [pid 5015] <... openat resumed>) = 3 [pid 5019] umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] newfstatat(3, "", [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] getdents64(4, [pid 5017] getdents64(4, [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] getdents64(3, [pid 5019] <... openat resumed>) = 3 [pid 5018] getdents64(4, [pid 5017] close(4 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5019] newfstatat(3, "", [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] <... close resumed>) = 0 [pid 5015] umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6051] <... write resumed>) = 2097152 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] close(4 [pid 5017] rmdir("\x2e\x2f\x31\x36\x38\x2f\x2e\x02" [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5019] getdents64(3, [pid 5018] <... close resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "./169/binderfs", [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5018] rmdir("\x2e\x2f\x31\x37\x32\x2f\x2e\x02" [pid 5017] getdents64(3, [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5019] umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... rmdir resumed>) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] unlink("./169/binderfs" [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] getdents64(3, [pid 5017] close(3 [pid 5015] <... unlink resumed>) = 0 [pid 5019] newfstatat(AT_FDCWD, "./174/binderfs", [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] <... close resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] close(3 [pid 5017] rmdir("./168" [pid 5015] <... umount2 resumed>) = 0 [pid 5019] unlink("./174/binderfs" [pid 5018] <... close resumed>) = 0 [pid 5017] <... rmdir resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5019] <... unlink resumed>) = 0 [pid 5018] rmdir("./172" [pid 5017] mkdir("./169", 0777 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] umount2("\x2e\x2f\x31\x37\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... rmdir resumed>) = 0 [pid 5017] <... mkdir resumed>) = 0 [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", [pid 5018] mkdir("./173", 0777 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5017] <... openat resumed>) = 3 [pid 5015] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5019] <... umount2 resumed>) = 0 [pid 5018] <... openat resumed>) = 3 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5019] umount2("\x2e\x2f\x31\x37\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5017] close(3 [pid 5015] <... openat resumed>) = 4 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] <... close resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5019] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x34\x2f\x2e\x02", [pid 5018] close(3 [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... close resumed>) = 0 [pid 5015] getdents64(4, [pid 5019] umount2("\x2e\x2f\x31\x37\x34\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6056 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5019] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] getdents64(4, [pid 5019] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x34\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6057 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5019] <... openat resumed>) = 4 [pid 5015] close(4 [pid 5019] newfstatat(4, "", [pid 5015] <... close resumed>) = 0 [pid 5019] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x36\x39\x2f\x2e\x02"./strace-static-x86_64: Process 6057 attached [pid 6051] munmap(0x7f362c399000, 2097152 [pid 5019] getdents64(4, [pid 5015] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6056 attached [pid 6057] set_robust_list(0x555557506760, 24 [pid 6051] <... munmap resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5015] getdents64(3, [pid 6057] <... set_robust_list resumed>) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6057] chdir("./173" [pid 5015] close(3 [pid 6057] <... chdir resumed>) = 0 [pid 5015] <... close resumed>) = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] rmdir("./169" [pid 6057] <... prctl resumed>) = 0 [pid 6056] set_robust_list(0x555557506760, 24 [pid 5019] getdents64(4, [pid 5015] <... rmdir resumed>) = 0 [pid 6057] setpgid(0, 0 [pid 6056] <... set_robust_list resumed>) = 0 [pid 5019] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5015] mkdir("./170", 0777 [pid 6057] <... setpgid resumed>) = 0 [pid 6056] chdir("./169" [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5019] close(4 [pid 5015] <... mkdir resumed>) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6056] <... chdir resumed>) = 0 [pid 6051] <... openat resumed>) = 6 [pid 5019] <... close resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6057] <... openat resumed>) = 3 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6051] ioctl(6, LOOP_SET_FD, 5 [pid 5019] rmdir("\x2e\x2f\x31\x37\x34\x2f\x2e\x02" [pid 5015] <... openat resumed>) = 3 [pid 6057] write(3, "1000", 4 [pid 6056] <... prctl resumed>) = 0 [pid 6055] <... write resumed>) = 2097152 [pid 6051] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... rmdir resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6057] <... write resumed>) = 4 [pid 6056] setpgid(0, 0 [pid 6051] ioctl(6, LOOP_CLR_FD [pid 5019] getdents64(3, [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6057] close(3 [pid 6056] <... setpgid resumed>) = 0 [pid 6051] <... ioctl resumed>) = 0 [pid 5019] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3 [pid 6057] <... close resumed>) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5019] close(3 [pid 5015] <... close resumed>) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs" [pid 6056] <... openat resumed>) = 3 [pid 5019] <... close resumed>) = 0 [pid 5015] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6057] <... symlink resumed>) = 0 [pid 6056] write(3, "1000", 4 [pid 5019] rmdir("./174" [pid 6057] memfd_create("syzkaller", 0 [pid 6056] <... write resumed>) = 4 [pid 6051] ioctl(6, LOOP_SET_FD, 5 [pid 5015] <... clone resumed>, child_tidptr=0x555557506750) = 6058 [pid 6057] <... memfd_create resumed>) = 3 [pid 6056] close(3 [pid 6051] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5019] <... rmdir resumed>) = 0 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6056] <... close resumed>) = 0 [pid 6051] close(6 [pid 5019] mkdir("./175", 0777 [pid 6057] <... mmap resumed>) = 0x7f3634699000 [pid 6056] symlink("/dev/binderfs", "./binderfs" [pid 6051] <... close resumed>) = 0 [pid 6057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6056] <... symlink resumed>) = 0 [pid 6051] close(5 [pid 5019] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6058 attached [pid 6057] <... write resumed>) = 1048576 [pid 6056] memfd_create("syzkaller", 0 [pid 5019] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6058] set_robust_list(0x555557506760, 24 [pid 6056] <... memfd_create resumed>) = 3 [pid 5019] <... openat resumed>) = 3 [pid 6058] <... set_robust_list resumed>) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6055] munmap(0x7f362c399000, 2097152 [pid 5019] ioctl(3, LOOP_CLR_FD [pid 6058] chdir("./170" [pid 6056] <... mmap resumed>) = 0x7f3634699000 [pid 5019] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6058] <... chdir resumed>) = 0 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6058] setpgid(0, 0) = 0 [pid 6051] <... close resumed>) = 0 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6055] <... munmap resumed>) = 0 [pid 6051] exit_group(0 [pid 5019] close(3 [pid 6058] <... openat resumed>) = 3 [pid 6051] <... exit_group resumed>) = ? [pid 5019] <... close resumed>) = 0 [pid 6058] write(3, "1000", 4 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6051] +++ exited with 0 +++ [pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6058] <... write resumed>) = 4 [pid 6055] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6058] close(3 [pid 6055] <... openat resumed>) = 7 [pid 5014] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 6058] <... close resumed>) = 0 [pid 6055] ioctl(7, LOOP_SET_FD, 6 [pid 5019] <... clone resumed>, child_tidptr=0x555557506750) = 6059 [pid 6058] symlink("/dev/binderfs", "./binderfs" [pid 6055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 6058] <... symlink resumed>) = 0 [pid 6055] ioctl(7, LOOP_CLR_FD [pid 6058] memfd_create("syzkaller", 0 [pid 6055] <... ioctl resumed>) = 0 [pid 6058] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6059 attached [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6057] munmap(0x7f3634699000, 1048576 [pid 6059] set_robust_list(0x555557506760, 24 [pid 6058] <... mmap resumed>) = 0x7f3634699000 [pid 5014] umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6059] <... set_robust_list resumed>) = 0 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6057] <... munmap resumed>) = 0 [pid 6055] ioctl(7, LOOP_SET_FD, 6 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6059] chdir("./175" [pid 6057] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5014] openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6059] <... chdir resumed>) = 0 [pid 6057] <... openat resumed>) = 4 [pid 6055] close(7 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6057] ioctl(4, LOOP_SET_FD, 3 [pid 6055] <... close resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 6059] <... prctl resumed>) = 0 [pid 6055] close(6 [pid 5014] newfstatat(3, "", [pid 6059] setpgid(0, 0 [pid 6056] <... write resumed>) = 1048576 [pid 6055] <... close resumed>) = 0 [pid 6059] <... setpgid resumed>) = 0 [pid 6056] munmap(0x7f3634699000, 1048576 [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] getdents64(3, [pid 6059] write(3, "1000", 4 [pid 6056] <... munmap resumed>) = 0 [pid 6059] <... write resumed>) = 4 [pid 6056] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] <... getdents64 resumed>0x5555575077f0 /* 5 entries */, 32768) = 128 [pid 6059] close(3 [pid 6058] <... write resumed>) = 1048576 [pid 6057] <... ioctl resumed>) = 0 [pid 6056] <... openat resumed>) = 4 [pid 6055] exit_group(0 [pid 5014] umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6058] munmap(0x7f3634699000, 1048576 [pid 6059] <... close resumed>) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs" [pid 6058] <... munmap resumed>) = 0 [pid 6057] close(3 [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6055] <... exit_group resumed>) = ? [pid 5014] <... umount2 resumed>) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6059] <... symlink resumed>) = 0 [pid 6058] <... openat resumed>) = 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 6059] memfd_create("syzkaller", 0 [pid 6057] <... close resumed>) = 0 [pid 5014] umount2("./165/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6059] <... memfd_create resumed>) = 3 [pid 6057] mkdir("\x2e\x02", 0777 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 5014] newfstatat(AT_FDCWD, "./165/bus", [pid 6059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6057] <... mkdir resumed>) = 0 [pid 6056] <... ioctl resumed>) = 0 [pid 6056] close(3 [pid 5014] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6057] mount("/dev/loop4", "\x2e\x02", "udf", 0, "" [pid 6056] <... close resumed>) = 0 [pid 5014] unlink("./165/bus" [pid 6056] mkdir("\x2e\x02", 0777) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 6056] mount("/dev/loop3", "\x2e\x02", "udf", 0, "" [pid 5014] umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 190.435692][ T6057] loop4: detected capacity change from 0 to 2048 [ 190.469237][ T6056] loop3: detected capacity change from 0 to 2048 [ 190.470015][ T6058] loop1: detected capacity change from 0 to 2048 [pid 5014] newfstatat(AT_FDCWD, "./165/binderfs", [pid 6055] +++ exited with 0 +++ [pid 6058] <... ioctl resumed>) = 0 [pid 6059] <... write resumed>) = 1048576 [pid 6058] close(3 [pid 5016] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5014] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6058] <... close resumed>) = 0 [pid 5016] restart_syscall(<... resuming interrupted clone ...> [pid 5014] unlink("./165/binderfs" [pid 6058] mkdir("\x2e\x02", 0777 [pid 5016] <... restart_syscall resumed>) = 0 [pid 6058] <... mkdir resumed>) = 0 [pid 5014] <... unlink resumed>) = 0 [pid 6058] mount("/dev/loop1", "\x2e\x02", "udf", 0, "" [pid 5016] umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(3, "", [pid 5014] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", [pid 5016] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(3, [pid 5014] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5014] umount2("\x2e\x2f\x31\x36\x35\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5014] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "./168/binderfs", [pid 6059] munmap(0x7f3634699000, 1048576 [pid 5014] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x35\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] unlink("./168/binderfs" [pid 5014] <... openat resumed>) = 4 [pid 5016] <... unlink resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 190.504255][ T6057] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 190.512096][ T6056] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 190.528724][ T6058] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 190.540229][ T6057] UDF-fs: Scanning with blocksize 512 failed [ 190.541587][ T6056] UDF-fs: Scanning with blocksize 512 failed [pid 5014] getdents64(4, 0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(4, 0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5014] close(4) = 0 [pid 5014] rmdir("\x2e\x2f\x31\x36\x35\x2f\x2e\x02") = 0 [pid 5014] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5014] close(3) = 0 [pid 5014] rmdir("./165") = 0 [pid 5014] mkdir("./166", 0777) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5014] ioctl(3, LOOP_CLR_FD [pid 6059] <... munmap resumed>) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5014] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5014] close(3 [pid 6059] <... openat resumed>) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... close resumed>) = 0 [ 190.553792][ T6058] UDF-fs: Scanning with blocksize 512 failed [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557506750) = 6060 [pid 5016] <... umount2 resumed>) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", ./strace-static-x86_64: Process 6060 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5016] umount2("\x2e\x2f\x31\x36\x38\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5016] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x38\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5016] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5016] getdents64(4, [pid 6059] <... ioctl resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6060] set_robust_list(0x555557506760, 24) = 0 [pid 6060] chdir("./166") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6056] <... mount resumed>) = 0 [pid 6056] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6059] close(3 [pid 6056] <... openat resumed>) = 3 [pid 5016] getdents64(4, [pid 6056] chdir("\x2e\x02" [pid 6059] <... close resumed>) = 0 [pid 6056] <... chdir resumed>) = 0 [pid 5016] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 6059] mkdir("\x2e\x02", 0777 [pid 6057] <... mount resumed>) = 0 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 5016] close(4 [pid 6056] close(4 [pid 6060] <... mmap resumed>) = 0x7f3634699000 [pid 6059] <... mkdir resumed>) = 0 [pid 6058] <... mount resumed>) = 0 [pid 6057] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 5016] <... close resumed>) = 0 [pid 6060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6059] mount("/dev/loop5", "\x2e\x02", "udf", 0, "" [pid 6058] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6057] <... openat resumed>) = 3 [pid 6056] <... close resumed>) = 0 [pid 5016] rmdir("\x2e\x2f\x31\x36\x38\x2f\x2e\x02" [pid 6058] <... openat resumed>) = 3 [pid 6057] chdir("\x2e\x02" [pid 5016] <... rmdir resumed>) = 0 [pid 6058] chdir("\x2e\x02" [pid 6057] <... chdir resumed>) = 0 [pid 5016] getdents64(3, [pid 6058] <... chdir resumed>) = 0 [pid 6057] ioctl(4, LOOP_CLR_FD [pid 5016] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 6058] ioctl(4, LOOP_CLR_FD [pid 6057] <... ioctl resumed>) = 0 [ 190.582385][ T6059] loop5: detected capacity change from 0 to 2048 [ 190.584015][ T6056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 190.613391][ T6058] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 190.621090][ T6057] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5016] close(3 [pid 6058] <... ioctl resumed>) = 0 [pid 6057] close(4 [pid 5016] <... close resumed>) = 0 [pid 6058] close(4 [pid 6057] <... close resumed>) = 0 [pid 6056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 5016] rmdir("./168" [pid 6058] <... close resumed>) = 0 [pid 6057] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6056] <... open resumed>) = 4 [pid 5016] <... rmdir resumed>) = 0 [pid 6058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6057] <... open resumed>) = 4 [pid 6056] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] mkdir("./169", 0777 [pid 6058] <... open resumed>) = 4 [pid 6057] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5016] <... mkdir resumed>) = 0 [pid 6058] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6057] <... mount resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6058] <... mount resumed>) = 0 [pid 6057] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] <... openat resumed>) = 3 [pid 6058] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 6057] <... open resumed>) = 5 [pid 5016] ioctl(3, LOOP_CLR_FD [pid 6058] <... open resumed>) = 5 [pid 6057] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6058] openat(AT_FDCWD, NULL, O_RDWR [pid 6057] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] close(3 [pid 6058] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6057] ftruncate(-1, 2 [pid 6056] <... mount resumed>) = 0 [pid 5016] <... close resumed>) = 0 [pid 6058] ftruncate(-1, 2 [pid 6057] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6056] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 5016] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6058] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6057] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6056] <... open resumed>) = 5 [pid 6058] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6057] <... mmap resumed>) = 0x20000000 [pid 6056] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] <... clone resumed>, child_tidptr=0x555557506750) = 6061 [pid 6058] <... mmap resumed>) = 0x20000000 [pid 6057] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6056] <... openat resumed>) = -1 EFAULT (Bad address) [pid 6058] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6057] <... open resumed>) = -1 EFAULT (Bad address) [pid 6056] ftruncate(-1, 2 [pid 6058] <... open resumed>) = -1 EFAULT (Bad address) [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6056] <... ftruncate resumed>) = -1 EBADF (Bad file descriptor) [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 6056] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6056] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 6061 attached [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6056] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 6061] set_robust_list(0x555557506760, 24 [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6056] <... open resumed>) = -1 EFAULT (Bad address) [pid 6061] <... set_robust_list resumed>) = 0 [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000240} --- [pid 6061] chdir("./169" [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000540} --- [pid 6061] <... chdir resumed>) = 0 [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 6057] memfd_create("syzkaller", 0 [pid 6061] <... prctl resumed>) = 0 [pid 6058] memfd_create("syzkaller", 0 [pid 6057] <... memfd_create resumed>) = 6 [pid 6061] setpgid(0, 0 [pid 6058] <... memfd_create resumed>) = 6 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6061] <... setpgid resumed>) = 0 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6057] <... mmap resumed>) = 0x7f362c399000 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6058] <... mmap resumed>) = 0x7f362c399000 [pid 6057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec0} --- [pid 6061] <... openat resumed>) = 3 [pid 6058] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 6057] exit_group(0 [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ec1} --- [pid 6061] write(3, "1000", 4 [pid 6058] exit_group(0 [pid 6057] <... exit_group resumed>) = ? [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000ed5} --- [pid 6061] <... write resumed>) = 4 [pid 6058] <... exit_group resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000eff} --- [pid 6061] close(3 [pid 6060] <... write resumed>) = 1048576 [pid 6058] +++ exited with 0 +++ [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f07} --- [pid 5018] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6061] <... close resumed>) = 0 [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f09} --- [pid 5018] restart_syscall(<... resuming interrupted clone ...> [pid 5015] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6061] symlink("/dev/binderfs", "./binderfs" [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c0} --- [pid 5018] <... restart_syscall resumed>) = 0 [pid 6061] <... symlink resumed>) = 0 [pid 6056] memfd_create("syzkaller", 0 [pid 6061] memfd_create("syzkaller", 0 [pid 6060] munmap(0x7f3634699000, 1048576 [pid 6056] <... memfd_create resumed>) = 6 [pid 6061] <... memfd_create resumed>) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3634699000 [pid 6056] <... mmap resumed>) = 0x7f362c399000 [pid 5018] umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200012c2} --- [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] <... munmap resumed>) = 0 [pid 6056] exit_group(0 [pid 5018] openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6056] <... exit_group resumed>) = ? [pid 5018] <... openat resumed>) = 3 [pid 5015] umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6056] +++ exited with 0 +++ [pid 6060] <... openat resumed>) = 4 [pid 5018] newfstatat(3, "", [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6060] ioctl(4, LOOP_SET_FD, 3 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 190.671123][ T6059] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 190.698556][ T6059] UDF-fs: Scanning with blocksize 512 failed [pid 5015] openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6061] <... write resumed>) = 1048576 [pid 6061] munmap(0x7f3634699000, 1048576 [pid 5018] getdents64(3, [pid 5017] umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6060] <... ioctl resumed>) = 0 [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... openat resumed>) = 3 [pid 6060] close(3 [pid 5018] umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5015] newfstatat(3, "", [pid 6061] <... munmap resumed>) = 0 [pid 6060] <... close resumed>) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5017] <... openat resumed>) = 3 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6060] mkdir("\x2e\x02", 0777 [pid 5018] newfstatat(AT_FDCWD, "./173/binderfs", [pid 5017] newfstatat(3, "", [pid 5015] getdents64(3, [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5015] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 6060] <... mkdir resumed>) = 0 [pid 5017] getdents64(3, [pid 5015] umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6061] <... openat resumed>) = 4 [pid 6060] mount("/dev/loop0", "\x2e\x02", "udf", 0, "" [pid 5018] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 4 entries */, 32768) = 104 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6061] ioctl(4, LOOP_SET_FD, 3 [pid 5018] unlink("./173/binderfs" [pid 5017] umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] newfstatat(AT_FDCWD, "./170/binderfs", [pid 5018] <... unlink resumed>) = 0 [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5015] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] newfstatat(AT_FDCWD, "./169/binderfs", [pid 5015] unlink("./170/binderfs" [pid 5017] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] unlink("./169/binderfs" [pid 5015] <... unlink resumed>) = 0 [pid 5017] <... unlink resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6059] <... mount resumed>) = 0 [pid 6059] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("\x2e\x02") = 0 [pid 6059] ioctl(4, LOOP_CLR_FD) = 0 [pid 6059] close(4) = 0 [pid 6059] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 6059] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6059] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [ 190.737712][ T6060] loop0: detected capacity change from 0 to 2048 [ 190.752568][ T6061] loop2: detected capacity change from 0 to 2048 [ 190.755865][ T6059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 190.775297][ T6060] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [pid 6059] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 6059] ftruncate(-1, 2) = -1 EBADF (Bad file descriptor) [pid 6059] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 6061] <... ioctl resumed>) = 0 [pid 6061] close(3 [pid 5017] <... umount2 resumed>) = 0 [pid 5015] <... umount2 resumed>) = 0 [pid 6061] <... close resumed>) = 0 [pid 5015] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] <... umount2 resumed>) = 0 [pid 6059] <... mmap resumed>) = 0x20000000 [pid 5018] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5017] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6061] mkdir("\x2e\x02", 0777 [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x33\x2f\x2e\x02", [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6061] <... mkdir resumed>) = 0 [pid 6059] open(NULL, O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5017] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", [pid 5015] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", [pid 6061] mount("/dev/loop2", "\x2e\x02", "udf", 0, "" [pid 6059] <... open resumed>) = -1 EFAULT (Bad address) [pid 5018] umount2("\x2e\x2f\x31\x37\x33\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5018] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 190.783545][ T6060] UDF-fs: Scanning with blocksize 512 failed [pid 5017] umount2("\x2e\x2f\x31\x36\x39\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5015] umount2("\x2e\x2f\x31\x37\x30\x2f\x2e\x02", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5018] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x33\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5017] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5018] <... openat resumed>) = 4 [pid 5017] openat(AT_FDCWD, "\x2e\x2f\x31\x36\x39\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] newfstatat(4, "", [pid 5017] <... openat resumed>) = 4 [pid 5018] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5017] newfstatat(4, "", [pid 5018] getdents64(4, [pid 5017] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6059] memfd_create("syzkaller", 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5017] getdents64(4, [pid 5015] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6059] <... memfd_create resumed>) = 6 [pid 5018] getdents64(4, [pid 5017] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5018] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5017] getdents64(4, [pid 6059] <... mmap resumed>) = 0x7f362c399000 [pid 5018] close(4 [pid 5017] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... close resumed>) = 0 [pid 5017] close(4 [pid 5015] openat(AT_FDCWD, "\x2e\x2f\x31\x37\x30\x2f\x2e\x02", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5018] rmdir("\x2e\x2f\x31\x37\x33\x2f\x2e\x02" [pid 5017] <... close resumed>) = 0 [pid 5015] <... openat resumed>) = 4 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] rmdir("\x2e\x2f\x31\x36\x39\x2f\x2e\x02" [pid 5018] getdents64(3, [pid 5017] <... rmdir resumed>) = 0 [pid 5015] newfstatat(4, "", [pid 5018] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5017] getdents64(3, [pid 5018] close(3 [pid 5017] <... getdents64 resumed>0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5018] <... close resumed>) = 0 [pid 5017] close(3 [pid 5015] getdents64(4, [pid 5018] rmdir("./173" [pid 5017] <... close resumed>) = 0 [pid 5018] <... rmdir resumed>) = 0 [pid 5017] rmdir("./169" [pid 5018] mkdir("./174", 0777 [pid 5017] <... rmdir resumed>) = 0 [pid 5018] <... mkdir resumed>) = 0 [pid 5017] mkdir("./170", 0777 [pid 5018] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5017] <... mkdir resumed>) = 0 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 2 entries */, 32768) = 48 [pid 5018] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5015] getdents64(4, [pid 5018] ioctl(3, LOOP_CLR_FD [pid 5017] <... openat resumed>) = 3 [pid 5015] <... getdents64 resumed>0x55555750f830 /* 0 entries */, 32768) = 0 [pid 5018] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5017] ioctl(3, LOOP_CLR_FD [pid 5018] close(3 [pid 5017] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5015] close(4 [pid 5018] <... close resumed>) = 0 [pid 5017] close(3 [pid 5015] <... close resumed>) = 0 [pid 5018] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5017] <... close resumed>) = 0 [pid 5015] rmdir("\x2e\x2f\x31\x37\x30\x2f\x2e\x02" [pid 5017] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5018] <... clone resumed>, child_tidptr=0x555557506750) = 6062 [pid 5015] <... rmdir resumed>) = 0 [pid 5017] <... clone resumed>, child_tidptr=0x555557506750) = 6063 [pid 5015] getdents64(3, 0x5555575077f0 /* 0 entries */, 32768) = 0 [pid 5015] close(3./strace-static-x86_64: Process 6062 attached [ 190.822408][ T6061] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 190.831565][ T6060] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=1723911582, location=1723911582 [ 190.851652][ T6061] UDF-fs: Scanning with blocksize 512 failed ) = 0 ./strace-static-x86_64: Process 6063 attached [pid 6062] set_robust_list(0x555557506760, 24 [pid 6059] write(6, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5015] rmdir("./170" [pid 6063] set_robust_list(0x555557506760, 24 [pid 6062] <... set_robust_list resumed>) = 0 [pid 5015] <... rmdir resumed>) = 0 [pid 6062] chdir("./174") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6063] <... set_robust_list resumed>) = 0 [pid 6062] <... openat resumed>) = 3 [pid 5015] mkdir("./171", 0777 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] chdir("./170" [pid 6062] memfd_create("syzkaller", 0 [pid 5015] <... mkdir resumed>) = 0 [pid 6061] <... mount resumed>) = 0 [pid 6063] <... chdir resumed>) = 0 [pid 6062] <... memfd_create resumed>) = 3 [pid 5015] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 190.893430][ T6060] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=2578527076, location=2578527076 [ 190.909423][ T6061] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 190.928165][ T6060] ================================================================================ [pid 6061] openat(AT_FDCWD, "\x2e\x02", O_RDONLY|O_DIRECTORY [pid 6062] <... mmap resumed>) = 0x7f3634699000 [pid 6063] <... prctl resumed>) = 0 [pid 6061] <... openat resumed>) = 3 [pid 5015] <... openat resumed>) = 3 [pid 6063] setpgid(0, 0 [pid 6061] chdir("\x2e\x02" [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6063] <... setpgid resumed>) = 0 [pid 6061] <... chdir resumed>) = 0 [pid 5015] ioctl(3, LOOP_CLR_FD [pid 6062] <... write resumed>) = 1048576 [pid 6062] munmap(0x7f3634699000, 1048576) = 0 [ 190.939741][ T6060] UBSAN: array-index-out-of-bounds in fs/udf/super.c:1365:9 [ 190.948329][ T6060] index 4 is out of range for type '__le32[4]' (aka 'unsigned int[4]') [ 190.956979][ T6060] CPU: 0 PID: 6060 Comm: syz-executor319 Not tainted 6.5.0-rc6-syzkaller-00253-g9e6c269de404 #0 [ 190.967432][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 190.977519][ T6060] Call Trace: [ 190.980823][ T6060] [ 190.983860][ T6060] dump_stack_lvl+0x1e7/0x2d0 [ 190.988602][ T6060] ? nf_tcp_handle_invalid+0x650/0x650 [pid 6059] <... write resumed>) = 2097152 [pid 6062] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6062] close(3) = 0 [ 190.994091][ T6060] ? panic+0x770/0x770 [ 190.998191][ T6060] ? udf_read_tagged+0x4d3/0xe00 [ 191.002248][ T6062] loop4: detected capacity change from 0 to 2048 [ 191.003140][ T6060] __ubsan_handle_out_of_bounds+0x11c/0x150 [ 191.015393][ T6060] udf_process_sequence+0x300d/0x4e70 [ 191.020807][ T6060] ? udf_check_anchor_block+0x550/0x550 [ 191.026357][ T6060] ? crc_itu_t+0x24f/0x2a0 [ 191.030771][ T6060] ? udf_read_tagged+0x5c8/0xe00 [ 191.035734][ T6060] udf_check_anchor_block+0x2a6/0x550 [ 191.041136][ T6060] ? identify_vsd+0x330/0x330 [ 191.045831][ T6060] udf_load_vrs+0x5ca/0x1100 [ 191.050422][ T6060] ? vprintk_emit+0x10d/0x1f0 [ 191.055104][ T6060] ? udf_parse_options+0x14a0/0x14a0 [ 191.060382][ T6060] ? udf_get_last_session+0x121/0x2c0 [ 191.065754][ T6060] ? __raw_spin_lock_init+0x45/0x100 [ 191.071072][ T6060] udf_fill_super+0x95d/0x23a0 [ 191.075864][ T6060] ? udf_mount+0x40/0x40 [ 191.080121][ T6060] ? vscnprintf+0x80/0x80 [ 191.084461][ T6060] ? set_blocksize+0x1e2/0x390 [ 191.089241][ T6060] ? sb_set_blocksize+0x99/0x100 [ 191.094176][ T6060] mount_bdev+0x276/0x3b0 [ 191.098530][ T6060] ? udf_mount+0x40/0x40 [ 191.102785][ T6060] legacy_get_tree+0xef/0x190 [ 191.107573][ T6060] ? _udf_err+0x190/0x190 [ 191.112005][ T6060] vfs_get_tree+0x8c/0x270 [ 191.116452][ T6060] do_new_mount+0x28f/0xae0 [ 191.120982][ T6060] ? do_move_mount_old+0x170/0x170 [ 191.126104][ T6060] ? user_path_at_empty+0x12f/0x180 [ 191.131327][ T6060] __se_sys_mount+0x2d9/0x3c0 [ 191.136019][ T6060] ? __x64_sys_mount+0xc0/0xc0 [ 191.140798][ T6060] ? syscall_enter_from_user_mode+0x32/0x230 [ 191.146915][ T6060] ? __x64_sys_mount+0x20/0xc0 [ 191.151687][ T6060] do_syscall_64+0x41/0xc0 [ 191.156133][ T6060] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.162024][ T6060] RIP: 0033:0x7f363cae1c8a [ 191.166439][ T6060] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 191.186311][ T6060] RSP: 002b:00007ffe6eac67a8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [pid 6062] mkdir("\x2e\x02", 0777 [pid 5015] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6061] ioctl(4, LOOP_CLR_FD [pid 6063] <... openat resumed>) = 3 [pid 6061] <... ioctl resumed>) = 0 [pid 6063] write(3, "1000", 4 [pid 6061] close(4 [pid 6059] munmap(0x7f362c399000, 2097152 [pid 6063] <... write resumed>) = 4 [pid 6061] <... close resumed>) = 0 [pid 6063] close(3 [pid 6061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 6063] <... close resumed>) = 0 [ 191.194738][ T6060] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f363cae1c8a [ 191.202714][ T6060] RDX: 0000000020000100 RSI: 0000000020000340 RDI: 00007ffe6eac6800 [ 191.210677][ T6060] RBP: 00007ffe6eac6840 R08: 00007ffe6eac6840 R09: 0000000000000c35 [ 191.218644][ T6060] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020000340 [ 191.226718][ T6060] R13: 0000000020000100 R14: 0000000000000c3b R15: 0000000020020500 [ 191.234719][ T6060] [ 191.252791][ T6060] ================================================================================ [ 191.254594][ T27] kauditd_printk_skb: 24 callbacks suppressed [ 191.254607][ T27] audit: type=1800 audit(1692541394.908:1028): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor319" name="bus" dev="loop2" ino=851 res=0 errno=0 [ 191.262250][ T6060] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 191.262261][ T6060] CPU: 0 PID: 6060 Comm: syz-executor319 Not tainted 6.5.0-rc6-syzkaller-00253-g9e6c269de404 #0 [ 191.262279][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 191.262289][ T6060] Call Trace: [ 191.262295][ T6060] [ 191.262302][ T6060] dump_stack_lvl+0x1e7/0x2d0 [ 191.262327][ T6060] ? nf_tcp_handle_invalid+0x650/0x650 [ 191.262345][ T6060] ? panic+0x770/0x770 [ 191.262373][ T6060] ? vscnprintf+0x5d/0x80 [ 191.262396][ T6060] panic+0x30f/0x770 [ 191.262419][ T6060] ? check_panic_on_warn+0x21/0xa0 [ 191.262439][ T6060] ? __memcpy_flushcache+0x2b0/0x2b0 [ 191.262460][ T6060] ? dump_stack_lvl+0x253/0x2d0 [ 191.262485][ T6060] ? udf_read_tagged+0x4d3/0xe00 [ 191.262510][ T6060] check_panic_on_warn+0x82/0xa0 [ 191.262530][ T6060] __ubsan_handle_out_of_bounds+0x13c/0x150 [ 191.262557][ T6060] udf_process_sequence+0x300d/0x4e70 [ 191.262602][ T6060] ? udf_check_anchor_block+0x550/0x550 [ 191.262628][ T6060] ? crc_itu_t+0x24f/0x2a0 [ 191.262649][ T6060] ? udf_read_tagged+0x5c8/0xe00 [ 191.262685][ T6060] udf_check_anchor_block+0x2a6/0x550 [ 191.262714][ T6060] ? identify_vsd+0x330/0x330 [ 191.262742][ T6060] udf_load_vrs+0x5ca/0x1100 [ 191.262763][ T6060] ? vprintk_emit+0x10d/0x1f0 [ 191.262795][ T6060] ? udf_parse_options+0x14a0/0x14a0 [ 191.262820][ T6060] ? udf_get_last_session+0x121/0x2c0 [ 191.262842][ T6060] ? __raw_spin_lock_init+0x45/0x100 [ 191.262871][ T6060] udf_fill_super+0x95d/0x23a0 [ 191.262907][ T6060] ? udf_mount+0x40/0x40 [ 191.262935][ T6060] ? vscnprintf+0x80/0x80 [ 191.262957][ T6060] ? set_blocksize+0x1e2/0x390 [ 191.262978][ T6060] ? sb_set_blocksize+0x99/0x100 [ 191.262996][ T6060] mount_bdev+0x276/0x3b0 [ 191.263016][ T6060] ? udf_mount+0x40/0x40 [ 191.263036][ T6060] legacy_get_tree+0xef/0x190 [ 191.263058][ T6060] ? _udf_err+0x190/0x190 [ 191.263078][ T6060] vfs_get_tree+0x8c/0x270 [ 191.263099][ T6060] do_new_mount+0x28f/0xae0 [ 191.263122][ T6060] ? do_move_mount_old+0x170/0x170 [ 191.263145][ T6060] ? user_path_at_empty+0x12f/0x180 [ 191.263165][ T6060] __se_sys_mount+0x2d9/0x3c0 [ 191.263189][ T6060] ? __x64_sys_mount+0xc0/0xc0 [ 191.263208][ T6060] ? syscall_enter_from_user_mode+0x32/0x230 [ 191.263232][ T6060] ? __x64_sys_mount+0x20/0xc0 [ 191.263253][ T6060] do_syscall_64+0x41/0xc0 [ 191.263271][ T6060] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 191.263294][ T6060] RIP: 0033:0x7f363cae1c8a [ 191.263310][ T6060] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 07 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 191.263323][ T6060] RSP: 002b:00007ffe6eac67a8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 191.263341][ T6060] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f363cae1c8a [ 191.263354][ T6060] RDX: 0000000020000100 RSI: 0000000020000340 RDI: 00007ffe6eac6800 [ 191.263365][ T6060] RBP: 00007ffe6eac6840 R08: 00007ffe6eac6840 R09: 0000000000000c35 [ 191.263376][ T6060] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020000340 [ 191.263387][ T6060] R13: 0000000020000100 R14: 0000000000000c3b R15: 0000000020020500 [ 191.263412][ T6060] [ 191.268363][ T6060] Kernel Offset: disabled [ 191.601137][ T6060] Rebooting in 86400 seconds..