./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3517141476 <...> Warning: Permanently added '10.128.10.55' (ED25519) to the list of known hosts. execve("./syz-executor3517141476", ["./syz-executor3517141476"], 0x7ffef1445990 /* 10 vars */) = 0 brk(NULL) = 0x55557ac9c000 brk(0x55557ac9cd00) = 0x55557ac9cd00 arch_prctl(ARCH_SET_FS, 0x55557ac9c380) = 0 set_tid_address(0x55557ac9c650) = 282 set_robust_list(0x55557ac9c660, 24) = 0 rseq(0x55557ac9cca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3517141476", 4096) = 28 getrandom("\xb5\x46\xdc\xc0\x1b\xfa\x4f\x3f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557ac9cd00 brk(0x55557acbdd00) = 0x55557acbdd00 brk(0x55557acbe000) = 0x55557acbe000 mprotect(0x7f59a059d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 283 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 284 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 285 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 286 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 287 ./strace-static-x86_64: Process 287 attached [pid 287] set_robust_list(0x55557ac9c660, 24) = 0 [pid 287] mkdir("./syzkaller.VlTV3T", 0700) = 0 [pid 287] chmod("./syzkaller.VlTV3T", 0777) = 0 [pid 287] chdir("./syzkaller.VlTV3T") = 0 [pid 287] mkdir("./0", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557ac9c650) = 289 ./strace-static-x86_64: Process 289 attached ./strace-static-x86_64: Process 285 attached ./strace-static-x86_64: Process 284 attached ./strace-static-x86_64: Process 286 attached ./strace-static-x86_64: Process 283 attached [pid 286] set_robust_list(0x55557ac9c660, 24 [pid 285] set_robust_list(0x55557ac9c660, 24 [pid 284] set_robust_list(0x55557ac9c660, 24 [pid 283] set_robust_list(0x55557ac9c660, 24 [pid 289] set_robust_list(0x55557ac9c660, 24) = 0 [pid 289] chdir("./0") = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 289] write(1, "executing program\n", 18executing program ) = 18 [pid 289] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 289] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 289] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 289] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 289] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 289] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 289] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 289] memfd_create("syzkaller", 0) = 5 [pid 289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 289] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 286] <... set_robust_list resumed>) = 0 [pid 285] <... set_robust_list resumed>) = 0 [pid 284] <... set_robust_list resumed>) = 0 [pid 283] <... set_robust_list resumed>) = 0 [pid 289] munmap(0x7f59980ea000, 138412032) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 6 [pid 289] ioctl(6, LOOP_SET_FD, 5 [pid 285] mkdir("./syzkaller.He8ys4", 0700 [pid 284] mkdir("./syzkaller.DRbR7P", 0700 [pid 283] mkdir("./syzkaller.ogtjHe", 0700) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 286] mkdir("./syzkaller.SKCIRZ", 0700 [pid 285] chmod("./syzkaller.He8ys4", 0777 [pid 284] chmod("./syzkaller.DRbR7P", 0777 [pid 283] chmod("./syzkaller.ogtjHe", 0777 [pid 286] <... mkdir resumed>) = 0 [pid 285] <... chmod resumed>) = 0 [pid 284] <... chmod resumed>) = 0 [pid 286] chmod("./syzkaller.SKCIRZ", 0777 [pid 283] <... chmod resumed>) = 0 [ 22.091283][ T24] audit: type=1400 audit(1748997646.200:64): avc: denied { execmem } for pid=282 comm="syz-executor351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.111401][ T24] audit: type=1400 audit(1748997646.210:65): avc: denied { read write } for pid=287 comm="syz-executor351" name="loop4" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 289] <... ioctl resumed>) = 0 [pid 289] close(5) = 0 [pid 289] close(6) = 0 [pid 289] mkdir("./file0", 0777) = 0 [pid 289] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 285] chdir("./syzkaller.He8ys4" [pid 284] chdir("./syzkaller.DRbR7P" [pid 285] <... chdir resumed>) = 0 [pid 283] chdir("./syzkaller.ogtjHe" [pid 286] <... chmod resumed>) = 0 [pid 285] mkdir("./0", 0777 [pid 284] <... chdir resumed>) = 0 [pid 283] <... chdir resumed>) = 0 [ 22.140388][ T24] audit: type=1400 audit(1748997646.210:66): avc: denied { open } for pid=287 comm="syz-executor351" path="/dev/loop4" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.166240][ T24] audit: type=1400 audit(1748997646.210:67): avc: denied { ioctl } for pid=287 comm="syz-executor351" path="/dev/loop4" dev="devtmpfs" ino=119 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 286] chdir("./syzkaller.SKCIRZ" [pid 285] <... mkdir resumed>) = 0 [pid 284] mkdir("./0", 0777 [pid 283] mkdir("./0", 0777 [pid 286] <... chdir resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 286] mkdir("./0", 0777 [pid 284] <... mkdir resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 284] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 283] close(3 [pid 286] <... close resumed>) = 0 [pid 285] close(3 [pid 284] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [ 22.195115][ T24] audit: type=1400 audit(1748997646.230:68): avc: denied { read write } for pid=289 comm="syz-executor351" name="vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 22.220277][ T24] audit: type=1400 audit(1748997646.230:69): avc: denied { open } for pid=289 comm="syz-executor351" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... close resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] set_robust_list(0x55557ac9c660, 24 [pid 295] set_robust_list(0x55557ac9c660, 24 [pid 294] set_robust_list(0x55557ac9c660, 24 [pid 286] <... clone resumed>, child_tidptr=0x55557ac9c650) = 296 [pid 284] <... clone resumed>, child_tidptr=0x55557ac9c650) = 294 [pid 283] <... clone resumed>, child_tidptr=0x55557ac9c650) = 295 [ 22.246451][ T24] audit: type=1400 audit(1748997646.230:70): avc: denied { ioctl } for pid=289 comm="syz-executor351" path="/dev/vhost-vsock" dev="devtmpfs" ino=262 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 22.251446][ T289] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue ./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x55557ac9c660, 24) = 0 [pid 297] chdir("./0") = 0 [pid 297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 297] write(3, "1000", 4) = 4 [pid 297] close(3) = 0 [pid 297] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 297] write(1, "executing program\n", 18) = 18 [pid 297] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557ac9c650) = 297 [pid 296] chdir("./0" [pid 295] chdir("./0" [pid 294] chdir("./0" [pid 296] <... chdir resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 294] <... chdir resumed>) = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... prctl resumed>) = 0 [pid 295] <... prctl resumed>) = 0 [pid 294] <... prctl resumed>) = 0 [pid 296] setpgid(0, 0 [pid 295] setpgid(0, 0 [pid 294] setpgid(0, 0 [pid 296] <... setpgid resumed>) = 0 [pid 295] <... setpgid resumed>) = 0 [pid 294] <... setpgid resumed>) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 294] <... openat resumed>) = 3 [pid 296] write(3, "1000", 4 [pid 295] write(3, "1000", 4 [pid 294] write(3, "1000", 4 [pid 296] <... write resumed>) = 4 [pid 295] <... write resumed>) = 4 [pid 294] <... write resumed>) = 4 [pid 296] close(3 [pid 295] close(3 [pid 294] close(3 [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs" [pid 295] symlink("/dev/binderfs", "./binderfs" [pid 294] symlink("/dev/binderfs", "./binderfs"executing program executing program executing program [pid 296] <... symlink resumed>) = 0 [pid 295] <... symlink resumed>) = 0 [pid 294] <... symlink resumed>) = 0 [pid 296] write(1, "executing program\n", 18 [pid 295] write(1, "executing program\n", 18 [pid 294] write(1, "executing program\n", 18 [pid 296] <... write resumed>) = 18 [pid 295] <... write resumed>) = 18 [pid 294] <... write resumed>) = 18 [pid 296] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 294] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 294] <... openat resumed>) = 3 [pid 296] ioctl(3, VHOST_SET_OWNER [pid 295] ioctl(3, VHOST_SET_OWNER [pid 294] ioctl(3, VHOST_SET_OWNER [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, VHOST_SET_OWNER [pid 295] <... ioctl resumed>, 0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 295] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] <... ioctl resumed>, 0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 296] ioctl(3, VHOST_SET_MEM_TABLE [pid 294] <... ioctl resumed>, 0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 294] ioctl(3, VHOST_SET_MEM_TABLE [pid 296] <... ioctl resumed>, 0x200000003380) = 0 [pid 296] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 296] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 296] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 296] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 296] memfd_create("syzkaller", 0) = 5 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 296] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 295] <... ioctl resumed>, 0x200000003380) = 0 [pid 295] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 295] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 295] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 295] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 295] memfd_create("syzkaller", 0) = 5 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 296] <... write resumed>) = 1048576 [pid 295] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] munmap(0x7f59980ea000, 138412032 [pid 295] <... write resumed>) = 1048576 [pid 295] munmap(0x7f59980ea000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 295] ioctl(6, LOOP_SET_FD, 5 [pid 296] <... munmap resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... ioctl resumed>) = 0 [pid 295] close(5) = 0 [pid 295] close(6) = 0 [pid 296] <... openat resumed>) = 6 [pid 296] ioctl(6, LOOP_SET_FD, 5 [pid 295] mkdir("./file0", 0777) = 0 [pid 295] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 294] <... ioctl resumed>, 0x200000003380) = 0 [pid 294] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 294] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 294] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 294] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 294] memfd_create("syzkaller", 0 [pid 296] <... ioctl resumed>) = 0 [pid 294] <... memfd_create resumed>) = 5 [pid 294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 296] close(5 [pid 294] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... close resumed>) = 0 [pid 294] <... write resumed>) = 1048576 [pid 294] munmap(0x7f59980ea000, 138412032) = 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 6 [pid 296] close(6 [pid 294] ioctl(6, LOOP_SET_FD, 5 [pid 296] <... close resumed>) = 0 [ 22.273554][ T24] audit: type=1400 audit(1748997646.260:71): avc: denied { mounton } for pid=289 comm="syz-executor351" path="/root/syzkaller.VlTV3T/0/file0" dev="sda1" ino=2031 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 296] mkdir("./file0", 0777) = 0 [pid 294] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>, 0) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 297] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 297] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 297] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 297] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 297] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 297] memfd_create("syzkaller", 0) = 5 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 294] close(5) = 0 [pid 294] close(6 [pid 297] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 289] <... mount resumed>) = 0 [pid 289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 289] chdir("./file0") = 0 [ 22.342399][ T24] audit: type=1400 audit(1748997646.450:72): avc: denied { mount } for pid=289 comm="syz-executor351" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 289] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 294] <... close resumed>) = 0 [pid 294] mkdir("./file0", 0777) = 0 [pid 294] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 297] <... write resumed>) = 1048576 [pid 297] munmap(0x7f59980ea000, 138412032) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 289] <... openat resumed>) = 6 [pid 289] ioctl(6, LOOP_CLR_FD) = 0 [pid 289] close(6) = 0 [ 22.387856][ T295] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 289] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 297] <... openat resumed>) = 6 [pid 297] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 297] close(5) = 0 [pid 297] close(6 [pid 289] <... openat resumed>) = 6 [pid 289] write(6, "#! ./file1\n", 11) = 11 [pid 289] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [ 22.441578][ T24] audit: type=1400 audit(1748997646.550:73): avc: denied { write } for pid=289 comm="syz-executor351" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.467849][ T289] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [pid 289] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 297] <... close resumed>) = 0 [pid 297] mkdir("./file0", 0777) = 0 [pid 297] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 295] <... mount resumed>) = 0 [pid 295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 295] chdir("./file0") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 289] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [ 22.497463][ T294] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 289] exit_group(0) = ? [pid 295] <... openat resumed>) = 6 [pid 289] +++ exited with 0 +++ [pid 295] ioctl(6, LOOP_CLR_FD [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] <... ioctl resumed>) = 0 [pid 295] close(6) = 0 [pid 294] <... mount resumed>) = 0 [pid 295] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 287] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... openat resumed>) = 6 [pid 294] <... openat resumed>) = 5 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] write(6, "#! ./file1\n", 11 [pid 294] chdir("./file0" [pid 287] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... write resumed>) = 11 [pid 294] <... chdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 295] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] newfstatat(3, "", [pid 295] <... mmap resumed>) = 0x200000000000 [pid 294] <... openat resumed>) = 6 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] socketpair(AF_UNIX, SOCK_STREAM, 0, [ 22.547474][ T297] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 287] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... mount resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./0/file0") = 0 [pid 287] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./0/binderfs") = 0 [pid 287] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./0" [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 287] <... rmdir resumed>) = 0 [pid 297] <... openat resumed>) = 5 [pid 287] mkdir("./1", 0777 [pid 297] chdir("./file0" [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... chdir resumed>) = 0 [pid 294] ioctl(6, LOOP_CLR_FD [ 22.592278][ T295] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 295] exit_group(0) = ? [pid 297] <... openat resumed>) = 6 [pid 294] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 297] ioctl(6, LOOP_CLR_FD [pid 294] close(6 [pid 287] ioctl(3, LOOP_CLR_FD [pid 294] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = 0 [pid 294] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 287] close(3 [pid 297] close(6 [pid 294] <... openat resumed>) = 6 [pid 287] <... close resumed>) = 0 [pid 294] write(6, "#! ./file1\n", 11 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... close resumed>) = 0 [pid 294] <... write resumed>) = 11 [pid 297] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 294] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 287] <... clone resumed>, child_tidptr=0x55557ac9c650) = 317 [pid 294] <... mmap resumed>) = 0x200000000000 [ 22.655528][ T296] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 294] socketpair(AF_UNIX, SOCK_STREAM, 0, ./strace-static-x86_64: Process 317 attached [pid 297] <... openat resumed>) = 6 [pid 317] set_robust_list(0x55557ac9c660, 24 [pid 297] write(6, "#! ./file1\n", 11 [pid 317] <... set_robust_list resumed>) = 0 [pid 317] chdir("./1") = 0 [pid 297] <... write resumed>) = 11 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 317] <... prctl resumed>) = 0 [pid 297] <... mmap resumed>) = 0x200000000000 [pid 317] setpgid(0, 0 [pid 297] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 317] <... setpgid resumed>) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3 [pid 295] +++ exited with 0 +++ [pid 317] <... close resumed>) = 0 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 317] symlink("/dev/binderfs", "./binderfs" [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 317] <... symlink resumed>) = 0 [pid 317] write(1, "executing program\n", 18executing program ) = 18 [pid 317] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 317] ioctl(3, VHOST_SET_OWNER [pid 283] <... restart_syscall resumed>) = 0 [pid 297] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 283] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] exit_group(0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... exit_group resumed>) = ? [pid 283] <... openat resumed>) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 297] +++ exited with 0 +++ [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=297, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... mount resumed>) = 0 [pid 294] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 294] exit_group(0 [pid 296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 294] <... exit_group resumed>) = ? [pid 296] <... openat resumed>) = 5 [pid 296] chdir("./file0" [pid 317] <... ioctl resumed>, 0) = 0 [pid 317] ioctl(3, VHOST_SET_VRING_ADDR [pid 296] <... chdir resumed>) = 0 [pid 317] <... ioctl resumed>, 0x200000000300) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 317] ioctl(3, VHOST_SET_MEM_TABLE [pid 285] <... restart_syscall resumed>) = 0 [pid 317] <... ioctl resumed>, 0x200000003380) = 0 [pid 317] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 285] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 317] ioctl(3, VHOST_SET_VRING_ERR [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 317] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 294] +++ exited with 0 +++ [pid 317] ioctl(3, VHOST_SET_VRING_ADDR [pid 285] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 317] <... ioctl resumed>, 0x200000000240) = 0 [pid 285] <... openat resumed>) = 3 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=294, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 317] ioctl(3, VHOST_SET_VRING_KICK [pid 285] newfstatat(3, "", [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 317] <... ioctl resumed>, 0x200000000000) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 317] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 285] getdents64(3, [pid 317] <... ioctl resumed>, 0x200000000140) = 0 [pid 285] <... getdents64 resumed>0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 317] memfd_create("syzkaller", 0 [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 317] <... memfd_create resumed>) = 5 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 317] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 317] <... write resumed>) = 1048576 [pid 317] munmap(0x7f59980ea000, 138412032) = 0 [ 22.693759][ T294] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [ 22.716662][ T297] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [pid 317] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... openat resumed>) = 6 [pid 283] <... umount2 resumed>) = 0 [pid 296] ioctl(6, LOOP_CLR_FD [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./0/file0") = 0 [pid 283] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./0/binderfs") = 0 [pid 283] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./0") = 0 [pid 283] mkdir("./1", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 317] <... openat resumed>) = 6 [pid 296] <... ioctl resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 317] ioctl(6, LOOP_SET_FD, 5 [pid 296] close(6 [pid 285] <... umount2 resumed>) = 0 [pid 283] ioctl(3, LOOP_CLR_FD [pid 296] <... close resumed>) = 0 [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 6 [pid 285] newfstatat(AT_FDCWD, "./0/file0", [pid 283] close(3 [pid 296] write(6, "#! ./file1\n", 11 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... write resumed>) = 11 [pid 285] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... mmap resumed>) = 0x200000000000 [pid 285] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 285] <... openat resumed>) = 4 [pid 317] <... ioctl resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 317] close(5) = 0 [pid 317] close(6) = 0 [pid 317] mkdir("./file0", 0777) = 0 [pid 317] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 285] newfstatat(4, "", [pid 283] <... close resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 283] <... clone resumed>, child_tidptr=0x55557ac9c650) = 320 [pid 285] <... getdents64 resumed>0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./0/file0") = 0 [pid 285] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./0/binderfs", [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./0/binderfs" [pid 284] newfstatat(AT_FDCWD, "./0/file0", [pid 285] <... unlink resumed>) = 0 [pid 285] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... getdents64 resumed>0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 285] close(3 [pid 284] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... close resumed>) = 0 [pid 285] rmdir("./0" [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... rmdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] mkdir("./1", 0777) = 0 [pid 284] <... openat resumed>) = 4 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 284] newfstatat(4, "", [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] close(3) = 0 [pid 284] getdents64(4, [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... getdents64 resumed>0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 285] <... clone resumed>, child_tidptr=0x55557ac9c650) = 321 [pid 284] <... getdents64 resumed>0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./0/file0") = 0 [pid 284] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./0/binderfs") = 0 [pid 284] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./0") = 0 [pid 284] mkdir("./1", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 322 attached , child_tidptr=0x55557ac9c650) = 322 [pid 322] set_robust_list(0x55557ac9c660, 24) = 0 [pid 322] chdir("./1") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 322] ioctl(3, VHOST_SET_OWNER [pid 296] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 296] exit_group(0) = ? [pid 296] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 322] <... ioctl resumed>, 0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 322] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 322] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 322] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 322] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 322] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 286] <... restart_syscall resumed>) = 0 [pid 322] memfd_create("syzkaller", 0) = 5 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 286] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 322] <... mmap resumed>) = 0x7f59980ea000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 322] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 286] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [ 22.892288][ T298] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm vhost-296: bg 0: block 234: padding at end of block bitmap is not set [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 320 attached ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x55557ac9c660, 24 [pid 320] set_robust_list(0x55557ac9c660, 24) = 0 [pid 320] chdir("./1" [pid 321] <... set_robust_list resumed>) = 0 [pid 321] chdir("./1" [pid 320] <... chdir resumed>) = 0 [pid 321] <... chdir resumed>) = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] setpgid(0, 0 [pid 321] <... prctl resumed>) = 0 [pid 321] setpgid(0, 0 [pid 320] <... setpgid resumed>) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 321] <... setpgid resumed>) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 320] <... openat resumed>) = 3 [pid 321] <... openat resumed>) = 3 [pid 320] write(3, "1000", 4 [pid 321] write(3, "1000", 4 [pid 320] <... write resumed>) = 4 [pid 321] <... write resumed>) = 4 [pid 321] close(3) = 0 [pid 320] close(3) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] write(1, "executing program\n", 18executing program executing program ) = 18 [pid 321] write(1, "executing program\n", 18 [pid 320] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 321] <... write resumed>) = 18 [pid 321] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR [pid 320] <... openat resumed>) = 3 [pid 321] <... openat resumed>) = 3 [pid 321] ioctl(3, VHOST_SET_OWNER [pid 320] ioctl(3, VHOST_SET_OWNER [pid 322] <... write resumed>) = 1048576 [pid 322] munmap(0x7f59980ea000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 320] <... ioctl resumed>, 0) = 0 [pid 320] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 321] <... ioctl resumed>, 0) = 0 [pid 320] ioctl(3, VHOST_SET_MEM_TABLE [pid 321] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 320] <... ioctl resumed>, 0x200000003380) = 0 [pid 321] ioctl(3, VHOST_SET_MEM_TABLE [pid 320] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 320] ioctl(3, VHOST_SET_VRING_ERR [pid 321] <... ioctl resumed>, 0x200000003380) = 0 [pid 320] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 321] eventfd2(118, EFD_SEMAPHORE [pid 320] ioctl(3, VHOST_SET_VRING_ADDR [pid 321] <... eventfd2 resumed>) = 4 [pid 320] <... ioctl resumed>, 0x200000000240) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_ERR [pid 320] ioctl(3, VHOST_SET_VRING_KICK [pid 321] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 320] <... ioctl resumed>, 0x200000000000) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_ADDR [pid 320] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 321] <... ioctl resumed>, 0x200000000240) = 0 [pid 320] <... ioctl resumed>, 0x200000000140) = 0 [pid 321] ioctl(3, VHOST_SET_VRING_KICK [pid 320] memfd_create("syzkaller", 0 [pid 321] <... ioctl resumed>, 0x200000000000) = 0 [pid 320] <... memfd_create resumed>) = 5 [pid 321] ioctl(3, VHOST_VSOCK_SET_RUNNING [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 321] <... ioctl resumed>, 0x200000000140) = 0 [pid 320] <... mmap resumed>) = 0x7f59980ea000 [pid 321] memfd_create("syzkaller", 0) = 5 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 321] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 320] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 22.947334][ T317] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 320] munmap(0x7f59980ea000, 138412032 [pid 322] <... openat resumed>) = 6 [pid 321] <... write resumed>) = 1048576 [pid 286] <... umount2 resumed>) = 0 [pid 322] ioctl(6, LOOP_SET_FD, 5 [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 321] munmap(0x7f59980ea000, 138412032 [pid 320] <... munmap resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./0/file0", [pid 321] <... munmap resumed>) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 321] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./0/file0") = 0 [pid 286] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./0/binderfs") = 0 [pid 286] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./0") = 0 [pid 286] mkdir("./1", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 317] <... mount resumed>) = 0 [pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 322] <... ioctl resumed>) = 0 [pid 321] <... openat resumed>) = 6 [pid 320] <... openat resumed>) = 6 [pid 317] <... openat resumed>) = 5 [pid 286] <... openat resumed>) = 3 [pid 322] close(5 [pid 317] chdir("./file0" [pid 322] <... close resumed>) = 0 [pid 322] close(6 [pid 317] <... chdir resumed>) = 0 [pid 322] <... close resumed>) = 0 [pid 317] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 322] mkdir("./file0", 0777 [pid 317] <... openat resumed>) = 6 [pid 322] <... mkdir resumed>) = 0 [pid 321] ioctl(6, LOOP_SET_FD, 5 [pid 320] ioctl(6, LOOP_SET_FD, 5 [pid 317] ioctl(6, LOOP_CLR_FD [pid 286] ioctl(3, LOOP_CLR_FD [pid 322] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 317] <... ioctl resumed>) = 0 [pid 317] close(6 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 320] <... ioctl resumed>) = 0 [pid 320] close(5) = 0 [pid 320] close(6 [pid 321] <... ioctl resumed>) = 0 [pid 321] close(5 [pid 317] <... close resumed>) = 0 [pid 321] <... close resumed>) = 0 [pid 317] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 286] <... close resumed>) = 0 [pid 321] close(6 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 317] <... openat resumed>) = 6 [pid 317] write(6, "#! ./file1\n", 11) = 11 [pid 286] <... clone resumed>, child_tidptr=0x55557ac9c650) = 333 [pid 317] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 317] socketpair(AF_UNIX, SOCK_STREAM, 0, ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x55557ac9c660, 24) = 0 [pid 333] chdir("./1") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] write(1, "executing program\n", 18executing program ) = 18 [pid 333] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 333] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 333] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 333] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 333] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 333] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 333] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 333] memfd_create("syzkaller", 0) = 5 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 333] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 320] <... close resumed>) = 0 [pid 320] mkdir("./file0", 0777) = 0 [pid 320] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 322] <... mount resumed>) = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 333] <... write resumed>) = 1048576 [ 23.070853][ T317] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [ 23.096911][ T322] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 322] <... openat resumed>) = 6 [pid 321] <... close resumed>) = 0 [pid 317] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 322] ioctl(6, LOOP_CLR_FD [pid 321] mkdir("./file0", 0777 [pid 322] <... ioctl resumed>) = 0 [pid 333] munmap(0x7f59980ea000, 138412032 [pid 322] close(6 [pid 321] <... mkdir resumed>) = 0 [pid 317] exit_group(0 [pid 333] <... munmap resumed>) = 0 [pid 322] <... close resumed>) = 0 [pid 321] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 317] <... exit_group resumed>) = ? [pid 333] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 322] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 333] <... openat resumed>) = 6 [pid 322] <... openat resumed>) = 6 [pid 333] ioctl(6, LOOP_SET_FD, 5 [pid 322] write(6, "#! ./file1\n", 11) = 11 [pid 322] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 322] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 317] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... ioctl resumed>) = 0 [ 23.177491][ T322] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [pid 333] close(5) = 0 [pid 333] close(6) = 0 [pid 333] mkdir("./file0", 0777) = 0 [pid 333] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 322] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [ 23.209174][ T321] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [ 23.247625][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 322] exit_group(0) = ? [pid 321] <... mount resumed>) = 0 [pid 320] <... mount resumed>) = 0 [pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 321] <... openat resumed>) = 5 [pid 321] chdir("./file0" [pid 320] <... openat resumed>) = 5 [pid 321] <... chdir resumed>) = 0 [pid 320] chdir("./file0" [pid 321] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 320] <... chdir resumed>) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 322] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 321] <... openat resumed>) = 6 [pid 321] ioctl(6, LOOP_CLR_FD [pid 320] <... openat resumed>) = 6 [pid 320] ioctl(6, LOOP_CLR_FD [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./1/file0") = 0 [pid 287] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./1/binderfs") = 0 [pid 287] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./1") = 0 [pid 287] mkdir("./2", 0777) = 0 [ 23.287153][ T333] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 333] <... mount resumed>) = 0 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 333] chdir("./file0") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 284] <... umount2 resumed>) = 0 [pid 321] <... ioctl resumed>) = 0 [pid 320] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 333] <... openat resumed>) = 6 [pid 321] close(6 [pid 333] ioctl(6, LOOP_CLR_FD [pid 320] close(6 [pid 287] ioctl(3, LOOP_CLR_FD [pid 321] <... close resumed>) = 0 [pid 320] <... close resumed>) = 0 [pid 333] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 320] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 333] close(6 [pid 321] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 287] close(3 [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 333] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 333] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 321] <... openat resumed>) = 6 [pid 333] <... openat resumed>) = 6 [pid 320] <... openat resumed>) = 6 [pid 321] write(6, "#! ./file1\n", 11 [pid 287] <... clone resumed>, child_tidptr=0x55557ac9c650) = 342 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 333] write(6, "#! ./file1\n", 11 [pid 320] write(6, "#! ./file1\n", 11 [pid 333] <... write resumed>) = 11 [pid 321] <... write resumed>) = 11 [pid 333] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 321] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 320] <... write resumed>) = 11 [pid 284] newfstatat(AT_FDCWD, "./1/file0", [pid 333] <... mmap resumed>) = 0x200000000000 [pid 320] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0 [pid 321] <... mmap resumed>) = 0x200000000000 [pid 320] <... mmap resumed>) = 0x200000000000 [pid 333] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 342 attached [pid 321] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 320] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 284] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./1/file0") = 0 [pid 284] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./1/binderfs") = 0 [pid 284] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./1") = 0 [pid 284] mkdir("./2", 0777 [pid 342] set_robust_list(0x55557ac9c660, 24 [pid 321] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 320] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 342] <... set_robust_list resumed>) = 0 [pid 342] chdir("./2" [pid 321] exit_group(0 [pid 320] exit_group(0 [pid 342] <... chdir resumed>) = 0 [pid 321] <... exit_group resumed>) = ? [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 320] <... exit_group resumed>) = ? [pid 342] <... prctl resumed>) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 284] <... mkdir resumed>) = 0 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 342] ioctl(3, VHOST_SET_OWNER [pid 333] <... socketpair resumed>0x200000000040) = -1 EFAULT (Bad address) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 333] exit_group(0 [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 333] <... exit_group resumed>) = ? [pid 284] <... clone resumed>, child_tidptr=0x55557ac9c650) = 344 [pid 342] <... ioctl resumed>, 0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 342] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 342] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 342] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 342] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 342] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 342] memfd_create("syzkaller", 0) = 5 [pid 333] +++ exited with 0 +++ [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 342] <... mmap resumed>) = 0x7f59980ea000 [pid 286] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 344 attached ) = 0 [pid 286] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 344] set_robust_list(0x55557ac9c660, 24) = 0 [pid 344] chdir("./2") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [ 23.381580][ T333] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [ 23.381786][ T327] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm vhost-320: bg 0: block 234: padding at end of block bitmap is not set [ 23.396731][ T321] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [pid 344] symlink("/dev/binderfs", "./binderfs" [pid 342] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 344] <... symlink resumed>) = 0 executing program [pid 344] write(1, "executing program\n", 18) = 18 [pid 344] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 344] ioctl(3, VHOST_SET_OWNER [pid 342] <... write resumed>) = 1048576 [pid 321] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 342] munmap(0x7f59980ea000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 344] <... ioctl resumed>, 0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 344] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 344] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 344] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 344] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 344] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 344] memfd_create("syzkaller", 0) = 5 [pid 344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 320] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=320, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 344] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557ac9d6f0 /* 4 entries */, 32768) = 112 [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 344] <... write resumed>) = 1048576 [pid 286] <... umount2 resumed>) = 0 [pid 342] <... openat resumed>) = 6 [pid 342] ioctl(6, LOOP_SET_FD, 5 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./1/file0") = 0 [pid 286] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./1/binderfs") = 0 [pid 286] getdents64(3, 0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./1") = 0 [pid 286] mkdir("./2", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 344] munmap(0x7f59980ea000, 138412032) = 0 [pid 344] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 342] <... ioctl resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 344] <... openat resumed>) = 6 [pid 286] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 344] ioctl(6, LOOP_SET_FD, 5 [pid 342] close(5 [pid 286] ioctl(3, LOOP_CLR_FD [pid 342] <... close resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 342] close(6 [pid 286] close(3 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 344] <... ioctl resumed>) = 0 [pid 342] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 344] close(5 [pid 342] mkdir("./file0", 0777 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 344] <... close resumed>) = 0 [pid 342] <... mkdir resumed>) = 0 [pid 344] close(6 [pid 342] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 286] <... clone resumed>, child_tidptr=0x55557ac9c650) = 348 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./1/file0", [pid 283] newfstatat(AT_FDCWD, "./1/file0", ./strace-static-x86_64: Process 348 attached [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 348] set_robust_list(0x55557ac9c660, 24 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 348] <... set_robust_list resumed>) = 0 [pid 285] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 348] chdir("./2" [pid 283] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 348] <... chdir resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 283] getdents64(4, [pid 285] <... getdents64 resumed>0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 283] <... getdents64 resumed>0x55557aca5730 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 285] getdents64(4, [pid 283] close(4 [pid 285] <... getdents64 resumed>0x55557aca5730 /* 0 entries */, 32768) = 0 [pid 285] close(4 [pid 283] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 283] rmdir("./1/file0" [pid 285] rmdir("./1/file0") = 0 [pid 283] <... rmdir resumed>) = 0 [pid 285] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./1/binderfs", [pid 283] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] unlink("./1/binderfs" [pid 283] newfstatat(AT_FDCWD, "./1/binderfs", [pid 285] <... unlink resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] getdents64(3, [pid 283] unlink("./1/binderfs" [pid 285] <... getdents64 resumed>0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 283] <... unlink resumed>) = 0 [pid 285] close(3 [pid 283] getdents64(3, [pid 285] <... close resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557ac9d6f0 /* 0 entries */, 32768) = 0 [pid 285] rmdir("./1" [pid 283] close(3 [pid 285] <... rmdir resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 285] mkdir("./2", 0777 [pid 283] rmdir("./1" [pid 285] <... mkdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./2", 0777 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] write(1, "executing program\n", 18executing program ) = 18 [pid 348] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 348] ioctl(3, VHOST_SET_OWNER [pid 344] <... close resumed>) = 0 [pid 344] mkdir("./file0", 0777) = 0 [pid 348] <... ioctl resumed>, 0) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 348] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 348] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 348] ioctl(3, VHOST_SET_VRING_ERR [pid 344] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 348] <... ioctl resumed>, 0x2000000001c0) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 348] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 348] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 348] memfd_create("syzkaller", 0) = 5 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 348] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 348] munmap(0x7f59980ea000, 138412032) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] close(3 [pid 283] close(3 [pid 285] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 348] <... openat resumed>) = 6 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 348] ioctl(6, LOOP_SET_FD, 5 [pid 285] <... clone resumed>, child_tidptr=0x55557ac9c650) = 352 [pid 283] <... clone resumed>, child_tidptr=0x55557ac9c650) = 353 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x55557ac9c660, 24) = 0 [pid 352] chdir("./2"./strace-static-x86_64: Process 353 attached [pid 348] <... ioctl resumed>) = 0 [pid 348] close(5) = 0 [pid 348] close(6 [pid 352] <... chdir resumed>) = 0 [ 23.667051][ T342] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs" [pid 353] set_robust_list(0x55557ac9c660, 24 [pid 352] <... symlink resumed>) = 0 executing program [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 352] ioctl(3, VHOST_SET_OWNER [pid 353] <... set_robust_list resumed>) = 0 [pid 353] chdir("./2") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 353] write(1, "executing program\n", 18executing program ) = 18 [pid 353] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 353] ioctl(3, VHOST_SET_OWNER [pid 352] <... ioctl resumed>, 0) = 0 [pid 352] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 352] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 352] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 352] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 352] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 352] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 352] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 353] <... ioctl resumed>, 0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000300) = 0 [pid 353] ioctl(3, VHOST_SET_MEM_TABLE, 0x200000003380) = 0 [pid 353] eventfd2(118, EFD_SEMAPHORE) = 4 [pid 353] ioctl(3, VHOST_SET_VRING_ERR, 0x2000000001c0) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_ADDR, 0x200000000240) = 0 [pid 353] ioctl(3, VHOST_SET_VRING_KICK, 0x200000000000) = 0 [pid 353] ioctl(3, VHOST_VSOCK_SET_RUNNING, 0x200000000140) = 0 [pid 353] memfd_create("syzkaller", 0) = 5 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 352] memfd_create("syzkaller", 0 [pid 348] <... close resumed>) = 0 [pid 352] <... memfd_create resumed>) = 5 [pid 348] mkdir("./file0", 0777 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f59980ea000 [pid 348] <... mkdir resumed>) = 0 [pid 348] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 352] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 23.715442][ T344] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 353] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 353] munmap(0x7f59980ea000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_SET_FD, 5 [pid 352] munmap(0x7f59980ea000, 138412032) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 353] <... ioctl resumed>) = 0 [pid 352] <... openat resumed>) = 6 [pid 352] ioctl(6, LOOP_SET_FD, 5 [pid 353] close(5) = 0 [pid 353] close(6 [pid 352] <... ioctl resumed>) = 0 [pid 352] close(5) = 0 [pid 352] close(6) = 0 [pid 352] mkdir("./file0", 0777) = 0 [pid 352] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 353] <... close resumed>) = 0 [pid 353] mkdir("./file0", 0777) = 0 [pid 353] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_DIRSYNC|MS_NOATIME|MS_STRICTATIME|MS_LAZYTIME, "dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,gr"... [pid 342] <... mount resumed>) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 342] chdir("./file0") = 0 [ 23.784585][ T348] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 342] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 344] <... mount resumed>) = 0 [pid 344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 344] chdir("./file0") = 0 [pid 344] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 342] <... openat resumed>) = 6 [pid 342] ioctl(6, LOOP_CLR_FD) = 0 [pid 342] close(6) = 0 [pid 342] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 342] write(6, "#! ./file1\n", 11) = 11 [pid 342] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 342] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 344] <... openat resumed>) = 6 [pid 344] ioctl(6, LOOP_CLR_FD) = 0 [pid 344] close(6) = 0 [pid 344] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 344] write(6, "#! ./file1\n", 11) = 11 [ 23.881315][ T342] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor351: bg 0: block 234: padding at end of block bitmap is not set [ 23.906673][ T352] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,nojournal_checksum,grpquota,auto_da_alloc,noquota,data_err=abort,grpid,grpjquota=,nouid32,grpid,,errors=continue [pid 344] mmap(0x200000000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP|0x800000, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 6, 0) = 0x200000000000 [pid 344] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 353] <... mount resumed>) = 0 [pid 353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 353] chdir("./file0" [pid 348] <... mount resumed>) = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 348] chdir("./file0") = 0 [pid 353] <... chdir resumed>) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 348] ioctl(6, LOOP_CLR_FD) = 0 [pid 348] close(6) = 0 [pid 348] openat(AT_FDCWD, "hugetlb.2MB.usage_in_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000