./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor494500944 <...> Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts. execve("./syz-executor494500944", ["./syz-executor494500944"], 0x7fffc4d7f740 /* 10 vars */) = 0 brk(NULL) = 0x5555559f0000 brk(0x5555559f0d40) = 0x5555559f0d40 arch_prctl(ARCH_SET_FS, 0x5555559f03c0) = 0 set_tid_address(0x5555559f0690) = 5829 set_robust_list(0x5555559f06a0, 24) = 0 rseq(0x5555559f0ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor494500944", 4096) = 27 getrandom("\x7f\xe1\xcb\xff\xe7\xf8\x92\x7d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555559f0d40 brk(0x555555a11d40) = 0x555555a11d40 brk(0x555555a12000) = 0x555555a12000 mprotect(0x7f17d9881000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.yW7TSU", 0700) = 0 chmod("./syzkaller.yW7TSU", 0777) = 0 chdir("./syzkaller.yW7TSU") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached , child_tidptr=0x5555559f0690) = 5831 [pid 5831] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5831] chdir("./0") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5831] write(1, 
"executing program\n", 18) = 18 [pid 5831] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5831] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5831] <... clone3 resumed> => {parent_tid=[5832]}, 88) = 5832 [pid 5832] set_robust_list(0x7f17d97ae9a0, 24 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] memfd_create("syzkaller", 0 [pid 5831] <... futex resumed>) = 0 [pid 5832] <... 
memfd_create resumed>) = 3 [pid 5831] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5832] munmap(0x7f17d1200000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./file0", 0777) = 0 [pid 5832] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./file0") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5832] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5831] <... futex resumed>) = 1 [pid 5831] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... openat resumed>) = 4 [pid 5832] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... 
futex resumed>) = 0 [pid 5832] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 88.385867][ T5832] loop0: detected capacity change from 0 to 32768 [pid 5831] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5832] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5831] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5831] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5831] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5831] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] <... rseq resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] set_robust_list(0x7f17d978d9a0, 24 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5831] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... 
futex resumed>) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5833] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5831] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 88.557695][ T5833] ERROR: (device loop0): dtSearch: stack overrun! [ 88.557695][ T5833] [ 88.568524][ T5833] ERROR: (device loop0): remounting filesystem as read-only [ 88.575950][ T5833] btstack dump: [ 88.580116][ T5833] bn = 0, index = 0 [ 88.584045][ T5833] bn = 0, index = 0 [ 88.588358][ T5833] bn = 0, index = 0 [ 88.592216][ T5833] bn = 0, index = 0 [ 88.596150][ T5833] bn = 0, index = 0 [ 88.600700][ T5833] bn = 0, index = 0 [pid 5833] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5833] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 88.605012][ T5833] bn = 0, index = 0 [ 88.609512][ T5833] bn = 0, index = 0 [ 88.613410][ T5833] jfs_rename did not expect dtDelete to return rc = -5 [ 88.620960][ T5833] ERROR: (device loop0): jfs_rename: [ 88.620960][ T5833] [pid 5833] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] exit_group(0 [pid 5833] <... futex resumed>) = ? [pid 5831] <... exit_group resumed>) = ? [pid 5833] +++ exited with 0 +++ [pid 5832] <... write resumed>) = ? 
[pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=55 /* 0.55 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5834 attached , child_tidptr=0x5555559f0690) = 5834 [pid 5834] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5834] chdir("./1") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] 
symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5834] write(1, "executing program\n", 18) = 18 [pid 5834] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5834] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5835 attached [pid 5835] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5834] <... clone3 resumed> => {parent_tid=[5835]}, 88) = 5835 [pid 5835] set_robust_list(0x7f17d97ae9a0, 24 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... 
futex resumed>) = 0 [pid 5834] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5835] munmap(0x7f17d1200000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./file0", 0777) = 0 [pid 5835] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 90.119693][ T5835] loop0: detected capacity change from 0 to 32768 [pid 5835] chdir("./file0") = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5835] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5834] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 4 [pid 5835] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... 
futex resumed>) = 0 [pid 5835] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5834] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5834] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5836 attached [pid 5836] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5836] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5834] <... 
futex resumed>) = 0 [pid 5836] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5836] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [ 90.321458][ T5836] ERROR: (device loop0): dtSearch: stack overrun! [ 90.321458][ T5836] [ 90.330762][ T5836] ERROR: (device loop0): remounting filesystem as read-only [ 90.340461][ T5836] btstack dump: [ 90.344191][ T5836] bn = 0, index = 0 [ 90.348879][ T5836] bn = 0, index = 0 [ 90.352752][ T5836] bn = 0, index = 0 [ 90.356590][ T5836] bn = 0, index = 0 [ 90.361253][ T5836] bn = 0, index = 0 [ 90.365132][ T5836] bn = 0, index = 0 [pid 5834] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5836] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5836] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.369502][ T5836] bn = 0, index = 0 [ 90.373585][ T5836] bn = 0, index = 0 [ 90.378293][ T5836] jfs_rename did not expect dtDelete to return rc = -5 [ 90.385285][ T5836] ERROR: (device loop0): jfs_rename: [ 90.385285][ T5836] [pid 5836] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] exit_group(0 [pid 5836] <... futex resumed>) = ? [pid 5835] <... write resumed>) = ? [pid 5834] <... exit_group resumed>) = ? 
[pid 5836] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=62 /* 0.62 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x5555559f0690) = 5838 [pid 5838] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5838] chdir("./2") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) 
= 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5838] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5839 attached [pid 5839] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5839] set_robust_list(0x7f17d97ae9a0, 24 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7f17d1200000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [pid 5839] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file0") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.761383][ T5839] loop0: detected capacity change from 0 to 32768 [pid 5839] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5839] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] <... futex resumed>) = 0 [pid 5839] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5838] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5838] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5840 attached => {parent_tid=[5840]}, 88) = 5840 [pid 5840] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... rseq resumed>) = 0 [pid 5838] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] set_robust_list(0x7f17d978d9a0, 24 [pid 5838] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5840] open_tree(AT_FDCWD, "./file0", 0 [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... open_tree resumed>) = 5 [pid 5840] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5840] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5838] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.878470][ T59] cfg80211: failed to load regulatory.db [ 91.906219][ T5840] ERROR: (device loop0): dtSearch: stack overrun! [ 91.906219][ T5840] [ 91.916480][ T5840] ERROR: (device loop0): remounting filesystem as read-only [ 91.924292][ T5840] btstack dump: [pid 5838] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5840] <... 
renameat2 resumed>) = -1 EIO (Input/output error) [pid 5840] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.928350][ T5840] bn = 0, index = 0 [ 91.932379][ T5840] bn = 0, index = 0 [ 91.936329][ T5840] bn = 0, index = 0 [ 91.940326][ T5840] bn = 0, index = 0 [ 91.944398][ T5840] bn = 0, index = 0 [ 91.948387][ T5840] bn = 0, index = 0 [ 91.952278][ T5840] bn = 0, index = 0 [ 91.956119][ T5840] bn = 0, index = 0 [ 91.960326][ T5840] jfs_rename did not expect dtDelete to return rc = -5 [ 91.967331][ T5840] ERROR: (device loop0): jfs_rename: [ 91.967331][ T5840] [pid 5840] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0) = ? [pid 5840] <... futex resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5839] <... write resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=67 /* 0.67 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached , child_tidptr=0x5555559f0690) = 5841 [pid 5841] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5841] chdir("./3") = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5841] write(1, "executing program\n", 18) = 18 [pid 5841] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 
5841] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5841] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5842 attached => {parent_tid=[5842]}, 88) = 5842 [pid 5842] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... rseq resumed>) = 0 [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] set_robust_list(0x7f17d97ae9a0, 24 [pid 5841] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] <... futex resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] memfd_create("syzkaller", 0 [pid 5841] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] <... 
memfd_create resumed>) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5842] munmap(0x7f17d1200000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./file0", 0777) = 0 [pid 5842] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./file0") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... futex resumed>) = 0 [pid 5842] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... futex resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [ 93.513586][ T5842] loop0: detected capacity change from 0 to 32768 [pid 5842] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] <... 
futex resumed>) = 0 [pid 5842] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5841] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5841] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5841] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5841] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] <... rseq resumed>) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5843] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5841] <... futex resumed>) = 1 [pid 5843] open_tree(AT_FDCWD, "./file0", 0 [pid 5841] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... 
open_tree resumed>) = 5 [pid 5843] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5841] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5841] <... futex resumed>) = 0 [ 93.672885][ T5843] ERROR: (device loop0): dtSearch: stack overrun! [ 93.672885][ T5843] [ 93.683078][ T5843] ERROR: (device loop0): remounting filesystem as read-only [ 93.691508][ T5843] btstack dump: [ 93.695009][ T5843] bn = 0, index = 0 [ 93.699370][ T5843] bn = 0, index = 0 [ 93.703304][ T5843] bn = 0, index = 0 [ 93.708277][ T5843] bn = 0, index = 0 [ 93.712134][ T5843] bn = 0, index = 0 [ 93.716058][ T5843] bn = 0, index = 0 [pid 5841] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5843] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5843] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 93.720792][ T5843] bn = 0, index = 0 [ 93.724794][ T5843] bn = 0, index = 0 [ 93.729215][ T5843] jfs_rename did not expect dtDelete to return rc = -5 [ 93.736459][ T5843] ERROR: (device loop0): jfs_rename: [ 93.736459][ T5843] [pid 5843] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] exit_group(0 [pid 5843] <... futex resumed>) = ? [pid 5842] <... write resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5841] <... exit_group resumed>) = ? [pid 5842] +++ exited with 0 +++ [pid 5841] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=80 /* 0.80 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x5555559f0690) = 5844 [pid 5844] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5844] chdir("./4") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5844] write(1, "executing program\n", 18) = 18 [pid 5844] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 
5844] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5844] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5845 attached [pid 5845] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5844] <... clone3 resumed> => {parent_tid=[5845]}, 88) = 5845 [pid 5845] set_robust_list(0x7f17d97ae9a0, 24 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... 
futex resumed>) = 0 [pid 5844] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5845] munmap(0x7f17d1200000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file0", 0777) = 0 [pid 5845] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file0") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 95.234488][ T5845] loop0: detected capacity change from 0 to 32768 [pid 5845] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5845] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... 
futex resumed>) = 0 [pid 5845] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5844] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5844] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5844] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] <... rseq resumed>) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] set_robust_list(0x7f17d978d9a0, 24 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5844] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... futex resumed>) = 0 [pid 5846] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] open_tree(AT_FDCWD, "./file0", 0 [pid 5844] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... open_tree resumed>) = 5 [pid 5846] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5846] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5844] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 95.430298][ T5846] ERROR: (device loop0): dtSearch: stack overrun! [ 95.430298][ T5846] [ 95.439748][ T5846] ERROR: (device loop0): remounting filesystem as read-only [ 95.447962][ T5846] btstack dump: [ 95.451583][ T5846] bn = 0, index = 0 [ 95.455426][ T5846] bn = 0, index = 0 [ 95.460207][ T5846] bn = 0, index = 0 [ 95.464118][ T5846] bn = 0, index = 0 [ 95.468501][ T5846] bn = 0, index = 0 [ 95.472920][ T5846] bn = 0, index = 0 [pid 5846] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5846] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 95.477348][ T5846] bn = 0, index = 0 [ 95.481309][ T5846] bn = 0, index = 0 [ 95.485320][ T5846] jfs_rename did not expect dtDelete to return rc = -5 [ 95.492802][ T5846] ERROR: (device loop0): jfs_rename: [ 95.492802][ T5846] [pid 5846] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] exit_group(0 [pid 5846] <... futex resumed>) = ? [pid 5844] <... exit_group resumed>) = ? [pid 5846] +++ exited with 0 +++ [pid 5845] <... write resumed>) = ? 
[pid 5845] +++ exited with 0 +++ [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=75 /* 0.75 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x5555559f0690) = 5847 [pid 5847] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5847] chdir("./5") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 
4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] write(1, "executing program\n", 18executing program ) = 18 [pid 5847] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5847] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5848 attached [pid 5848] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5847] <... clone3 resumed> => {parent_tid=[5848]}, 88) = 5848 [pid 5848] set_robust_list(0x7f17d97ae9a0, 24 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... set_robust_list resumed>) = 0 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] memfd_create("syzkaller", 0 [pid 5847] <... futex resumed>) = 0 [pid 5848] <... memfd_create resumed>) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] <... 
mmap resumed>) = 0x7f17d1200000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5848] munmap(0x7f17d1200000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file0", 0777) = 0 [pid 5848] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./file0") = 0 [ 97.071622][ T5848] loop0: detected capacity change from 0 to 32768 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] <... futex resumed>) = 0 [pid 5847] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5847] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5848] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... futex resumed>) = 0 [pid 5848] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] <... 
futex resumed>) = 0 [pid 5848] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5847] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5847] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5847] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5847] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] <... rseq resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] <... futex resumed>) = 0 [pid 5849] open_tree(AT_FDCWD, "./file0", 0 [pid 5847] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... open_tree resumed>) = 5 [pid 5849] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... 
futex resumed>) = 0 [pid 5849] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5847] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.249646][ T5849] ERROR: (device loop0): dtSearch: stack overrun! [ 97.249646][ T5849] [ 97.259486][ T5849] ERROR: (device loop0): remounting filesystem as read-only [ 97.267653][ T5849] btstack dump: [ 97.271149][ T5849] bn = 0, index = 0 [ 97.274985][ T5849] bn = 0, index = 0 [ 97.279382][ T5849] bn = 0, index = 0 [ 97.283225][ T5849] bn = 0, index = 0 [ 97.287606][ T5849] bn = 0, index = 0 [ 97.291445][ T5849] bn = 0, index = 0 [ 97.295369][ T5849] bn = 0, index = 0 [pid 5847] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5849] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.299782][ T5849] bn = 0, index = 0 [ 97.303642][ T5849] jfs_rename did not expect dtDelete to return rc = -5 [ 97.311502][ T5849] ERROR: (device loop0): jfs_rename: [ 97.311502][ T5849] [pid 5849] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] exit_group(0 [pid 5849] <... futex resumed>) = ? [pid 5847] <... exit_group resumed>) = ? [pid 5849] +++ exited with 0 +++ [pid 5848] <... write resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=59 /* 0.59 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x5555559f0690) = 5851 [pid 5851] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5851] chdir("./6") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5851] write(1, "executing program\n", 18) = 18 [pid 5851] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 
5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5851] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5852 attached [pid 5852] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5851] <... clone3 resumed> => {parent_tid=[5852]}, 88) = 5852 [pid 5852] <... rseq resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] set_robust_list(0x7f17d97ae9a0, 24 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] <... futex resumed>) = 0 [pid 5852] <... 
memfd_create resumed>) = 3 [pid 5851] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5852] munmap(0x7f17d1200000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5852] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... 
futex resumed>) = 0 [pid 5852] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [ 98.712596][ T5852] loop0: detected capacity change from 0 to 32768 [pid 5851] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5851] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5851] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5853 attached => {parent_tid=[5853]}, 88) = 5853 [pid 5853] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... rseq resumed>) = 0 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] set_robust_list(0x7f17d978d9a0, 24 [pid 5851] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5851] <... futex resumed>) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5853] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 98.839398][ T5853] ERROR: (device loop0): dtSearch: stack overrun! [ 98.839398][ T5853] [ 98.849333][ T5853] ERROR: (device loop0): remounting filesystem as read-only [ 98.856675][ T5853] btstack dump: [ 98.860601][ T5853] bn = 0, index = 0 [ 98.864450][ T5853] bn = 0, index = 0 [ 98.868974][ T5853] bn = 0, index = 0 [ 98.872929][ T5853] bn = 0, index = 0 [ 98.877209][ T5853] bn = 0, index = 0 [ 98.881062][ T5853] bn = 0, index = 0 [ 98.884893][ T5853] bn = 0, index = 0 [pid 5853] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5853] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.889312][ T5853] bn = 0, index = 0 [ 98.893317][ T5853] jfs_rename did not expect dtDelete to return rc = -5 [ 98.900648][ T5853] ERROR: (device loop0): jfs_rename: [ 98.900648][ T5853] [pid 5853] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] exit_group(0) = ? [pid 5853] <... futex resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] <... write resumed>) = ? 
[pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=71 /* 0.71 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x5555559f0690) = 5854 [pid 5854] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5854] chdir("./7") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] 
symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5854] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] set_robust_list(0x7f17d97ae9a0, 24 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... 
memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5855] munmap(0x7f17d1200000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file0") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 1 [pid 5855] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5854] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... openat resumed>) = 4 [pid 5855] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5854] <... futex resumed>) = 0 [ 100.465075][ T5855] loop0: detected capacity change from 0 to 32768 [pid 5854] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5854] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5854] <... clone3 resumed> => {parent_tid=[5856]}, 88) = 5856 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] open_tree(AT_FDCWD, "./file0", 0 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... 
open_tree resumed>) = 5 [pid 5856] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5854] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5854] <... futex resumed>) = 0 [ 100.591497][ T5856] ERROR: (device loop0): dtSearch: stack overrun! [ 100.591497][ T5856] [ 100.601244][ T5856] ERROR: (device loop0): remounting filesystem as read-only [ 100.609499][ T5856] btstack dump: [ 100.613421][ T5856] bn = 0, index = 0 [ 100.617822][ T5856] bn = 0, index = 0 [ 100.621807][ T5856] bn = 0, index = 0 [ 100.626064][ T5856] bn = 0, index = 0 [ 100.631021][ T5856] bn = 0, index = 0 [ 100.634875][ T5856] bn = 0, index = 0 [pid 5854] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5856] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5856] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.639599][ T5856] bn = 0, index = 0 [ 100.643847][ T5856] bn = 0, index = 0 [ 100.648349][ T5856] jfs_rename did not expect dtDelete to return rc = -5 [ 100.655817][ T5856] ERROR: (device loop0): jfs_rename: [ 100.655817][ T5856] [pid 5856] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] exit_group(0 [pid 5856] <... futex resumed>) = ? [pid 5854] <... exit_group resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5855] <... write resumed>) = ? 
[pid 5855] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=77 /* 0.77 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached [pid 5857] set_robust_list(0x5555559f06a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555559f0690) = 5857 [pid 5857] <... 
set_robust_list resumed>) = 0 [pid 5857] chdir("./8") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5857] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5857] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5858] <... rseq resumed>) = 0 [pid 5858] set_robust_list(0x7f17d97ae9a0, 24 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5858] memfd_create("syzkaller", 0 [pid 5857] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] <... 
memfd_create resumed>) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5858] munmap(0x7f17d1200000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5858] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [ 102.091404][ T5858] loop0: detected capacity change from 0 to 32768 [pid 5858] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... 
futex resumed>) = 0 [pid 5858] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5857] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5857] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5859 attached [pid 5859] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5857] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5859] set_robust_list(0x7f17d978d9a0, 24 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5859] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5859] open_tree(AT_FDCWD, "./file0", 0 [pid 5857] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... 
open_tree resumed>) = 5 [pid 5859] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5859] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5857] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 102.249820][ T5859] ERROR: (device loop0): dtSearch: stack overrun! [ 102.249820][ T5859] [ 102.259528][ T5859] ERROR: (device loop0): remounting filesystem as read-only [ 102.267850][ T5859] btstack dump: [ 102.271497][ T5859] bn = 0, index = 0 [ 102.275459][ T5859] bn = 0, index = 0 [ 102.279925][ T5859] bn = 0, index = 0 [ 102.283767][ T5859] bn = 0, index = 0 [ 102.288452][ T5859] bn = 0, index = 0 [ 102.292494][ T5859] bn = 0, index = 0 [ 102.296339][ T5859] bn = 0, index = 0 [pid 5859] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5859] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.301112][ T5859] bn = 0, index = 0 [ 102.305277][ T5859] jfs_rename did not expect dtDelete to return rc = -5 [ 102.312722][ T5859] ERROR: (device loop0): jfs_rename: [ 102.312722][ T5859] [pid 5859] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] exit_group(0 [pid 5859] <... futex resumed>) = ? [pid 5857] <... exit_group resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5858] <... write resumed>) = ? [pid 5858] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=76 /* 0.76 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x5555559f0690) = 5860 [pid 5860] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5860] chdir("./9") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5860] write(1, "executing program\n", 18) = 18 [pid 5860] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 
5860] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5860] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5860] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] <... rseq resumed>) = 0 [pid 5861] set_robust_list(0x7f17d97ae9a0, 24) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5861] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5860] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... 
futex resumed>) = 0 [pid 5860] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5861] munmap(0x7f17d1200000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./file0", 0777) = 0 [pid 5861] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file0") = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5860] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... openat resumed>) = 4 [pid 5861] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 103.849863][ T5861] loop0: detected capacity change from 0 to 32768 [pid 5861] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... 
futex resumed>) = 0 [pid 5860] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5860] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5860] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5860] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5862 attached => {parent_tid=[5862]}, 88) = 5862 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5860] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5860] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... rseq resumed>) = 0 [pid 5862] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5862] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5862] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... 
futex resumed>) = 0 [pid 5860] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5862] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5860] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 104.018829][ T5862] ERROR: (device loop0): dtSearch: stack overrun! [ 104.018829][ T5862] [ 104.057003][ T5862] ERROR: (device loop0): remounting filesystem as read-only [ 104.070590][ T5862] btstack dump: [ 104.097168][ T5862] bn = 0, index = 0 [ 104.101764][ T5862] bn = 0, index = 0 [ 104.109687][ T5862] bn = 0, index = 0 [ 104.117708][ T5862] bn = 0, index = 0 [ 104.122418][ T5862] bn = 0, index = 0 [ 104.126272][ T5862] bn = 0, index = 0 [ 104.132447][ T5862] bn = 0, index = 0 [pid 5862] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5862] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.149923][ T5862] bn = 0, index = 0 [ 104.153824][ T5862] jfs_rename did not expect dtDelete to return rc = -5 [ 104.166210][ T5862] ERROR: (device loop0): jfs_rename: [ 104.166210][ T5862] [pid 5862] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] exit_group(0 [pid 5862] <... futex resumed>) = ? [pid 5860] <... exit_group resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5861] <... write resumed>) = ? 
[pid 5861] +++ exited with 0 +++ [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x5555559f0690) = 5863 [pid 5863] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5863] chdir("./10") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] 
symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5863] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5863] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] <... rseq resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] set_robust_list(0x7f17d97ae9a0, 24 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] <... futex resumed>) = 0 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5863] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] <... 
memfd_create resumed>) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5864] munmap(0x7f17d1200000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [pid 5864] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./file0") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] <... futex resumed>) = 0 [pid 5864] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5863] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... openat resumed>) = 4 [pid 5864] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5863] <... 
futex resumed>) = 1 [ 105.382337][ T5864] loop0: detected capacity change from 0 to 32768 [pid 5863] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5863] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5863] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] <... rseq resumed>) = 0 [pid 5865] set_robust_list(0x7f17d978d9a0, 24 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] <... set_robust_list resumed>) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] open_tree(AT_FDCWD, "./file0", 0 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... 
open_tree resumed>) = 5 [pid 5865] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5865] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] <... futex resumed>) = 0 [pid 5865] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [ 105.522411][ T5865] ERROR: (device loop0): dtSearch: stack overrun! [ 105.522411][ T5865] [ 105.532155][ T5865] ERROR: (device loop0): remounting filesystem as read-only [ 105.540099][ T5865] btstack dump: [ 105.543681][ T5865] bn = 0, index = 0 [ 105.547956][ T5865] bn = 0, index = 0 [ 105.551861][ T5865] bn = 0, index = 0 [ 105.555724][ T5865] bn = 0, index = 0 [ 105.559984][ T5865] bn = 0, index = 0 [ 105.563939][ T5865] bn = 0, index = 0 [ 105.568443][ T5865] bn = 0, index = 0 [pid 5863] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5865] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5865] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 105.572552][ T5865] bn = 0, index = 0 [ 105.576635][ T5865] jfs_rename did not expect dtDelete to return rc = -5 [ 105.584239][ T5865] ERROR: (device loop0): jfs_rename: [ 105.584239][ T5865] [pid 5865] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] exit_group(0 [pid 5865] <... futex resumed>) = ? [pid 5863] <... exit_group resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5864] <... write resumed>) = ? 
[pid 5864] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=71 /* 0.71 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x5555559f06a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555559f0690) = 5866 [pid 5866] <... 
set_robust_list resumed>) = 0 [pid 5866] chdir("./11") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] write(1, "executing program\n", 18executing program ) = 18 [pid 5866] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5866] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5867] set_robust_list(0x7f17d97ae9a0, 24 [pid 5866] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] memfd_create("syzkaller", 0 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... 
memfd_create resumed>) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5867] munmap(0x7f17d1200000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [ 107.151992][ T5867] loop0: detected capacity change from 0 to 32768 [pid 5866] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... openat resumed>) = 4 [pid 5867] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... 
futex resumed>) = 0 [pid 5866] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5866] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5868 attached [pid 5868] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5866] <... clone3 resumed> => {parent_tid=[5868]}, 88) = 5868 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... rseq resumed>) = 0 [pid 5868] set_robust_list(0x7f17d978d9a0, 24 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5866] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... futex resumed>) = 0 [pid 5868] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5868] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5868] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] <... futex resumed>) = 0 [pid 5868] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5866] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 107.309862][ T5868] ERROR: (device loop0): dtSearch: stack overrun! [ 107.309862][ T5868] [ 107.319991][ T5868] ERROR: (device loop0): remounting filesystem as read-only [ 107.328003][ T5868] btstack dump: [ 107.331704][ T5868] bn = 0, index = 0 [ 107.335543][ T5868] bn = 0, index = 0 [ 107.340158][ T5868] bn = 0, index = 0 [ 107.344005][ T5868] bn = 0, index = 0 [ 107.348334][ T5868] bn = 0, index = 0 [ 107.352584][ T5868] bn = 0, index = 0 [ 107.356419][ T5868] bn = 0, index = 0 [pid 5868] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5868] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.361512][ T5868] bn = 0, index = 0 [ 107.366144][ T5868] jfs_rename did not expect dtDelete to return rc = -5 [ 107.373676][ T5868] ERROR: (device loop0): jfs_rename: [ 107.373676][ T5868] [pid 5868] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] exit_group(0 [pid 5868] <... futex resumed>) = ? [pid 5866] <... exit_group resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5867] <... write resumed>) = ? 
[pid 5867] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=72 /* 0.72 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached [pid 5869] set_robust_list(0x5555559f06a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555559f0690) = 5869 [pid 5869] <... 
set_robust_list resumed>) = 0 [pid 5869] chdir("./12") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] write(1, "executing program\n", 18executing program ) = 18 [pid 5869] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5869] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5869] <... clone3 resumed> => {parent_tid=[5870]}, 88) = 5870 [pid 5870] set_robust_list(0x7f17d97ae9a0, 24 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... set_robust_list resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] memfd_create("syzkaller", 0 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... 
memfd_create resumed>) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5870] munmap(0x7f17d1200000, 138412032) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5870] mkdir("./file0", 0777) = 0 [pid 5870] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./file0") = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5870] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5869] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5870] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... 
futex resumed>) = 0 [pid 5870] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [ 108.931349][ T5870] loop0: detected capacity change from 0 to 32768 [pid 5869] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5869] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5869] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5869] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] set_robust_list(0x7f17d978d9a0, 24 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... set_robust_list resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5871] open_tree(AT_FDCWD, "./file0", 0 [pid 5869] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... 
open_tree resumed>) = 5 [pid 5871] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5871] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = 0 [pid 5871] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [ 109.054806][ T5871] ERROR: (device loop0): dtSearch: stack overrun! [ 109.054806][ T5871] [ 109.064689][ T5871] ERROR: (device loop0): remounting filesystem as read-only [ 109.073192][ T5871] btstack dump: [ 109.077512][ T5871] bn = 0, index = 0 [ 109.081357][ T5871] bn = 0, index = 0 [ 109.085217][ T5871] bn = 0, index = 0 [ 109.089918][ T5871] bn = 0, index = 0 [ 109.093891][ T5871] bn = 0, index = 0 [ 109.098440][ T5871] bn = 0, index = 0 [pid 5869] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5871] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.102704][ T5871] bn = 0, index = 0 [ 109.108448][ T5871] bn = 0, index = 0 [ 109.112516][ T5871] jfs_rename did not expect dtDelete to return rc = -5 [ 109.120388][ T5871] ERROR: (device loop0): jfs_rename: [ 109.120388][ T5871] [pid 5871] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] exit_group(0 [pid 5871] <... futex resumed>) = ? [pid 5871] +++ exited with 0 +++ [pid 5869] <... exit_group resumed>) = ? [pid 5870] <... write resumed>) = ? 
[pid 5870] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=67 /* 0.67 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached [pid 5872] set_robust_list(0x5555559f06a0, 24 [pid 5829] <... clone resumed>, child_tidptr=0x5555559f0690) = 5872 [pid 5872] <... 
set_robust_list resumed>) = 0 [pid 5872] chdir("./13") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5872] write(1, "executing program\n", 18) = 18 [pid 5872] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5872] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... rseq resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] set_robust_list(0x7f17d97ae9a0, 24 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5872] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... futex resumed>) = 0 [pid 5873] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5873] munmap(0x7f17d1200000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./file0", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file0") = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5873] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... futex resumed>) = 0 [pid 5873] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [ 110.591592][ T5873] loop0: detected capacity change from 0 to 32768 [pid 5872] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5872] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] <... rseq resumed>) = 0 [pid 5874] set_robust_list(0x7f17d978d9a0, 24 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... set_robust_list resumed>) = 0 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5874] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5872] <... 
futex resumed>) = 1 [pid 5874] open_tree(AT_FDCWD, "./file0", 0 [pid 5872] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... open_tree resumed>) = 5 [pid 5874] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5874] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5872] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 110.739720][ T5874] ERROR: (device loop0): dtSearch: stack overrun! [ 110.739720][ T5874] [ 110.749744][ T5874] ERROR: (device loop0): remounting filesystem as read-only [ 110.757717][ T5874] btstack dump: [ 110.761246][ T5874] bn = 0, index = 0 [ 110.765123][ T5874] bn = 0, index = 0 [ 110.770270][ T5874] bn = 0, index = 0 [ 110.774164][ T5874] bn = 0, index = 0 [ 110.778449][ T5874] bn = 0, index = 0 [ 110.782316][ T5874] bn = 0, index = 0 [ 110.786274][ T5874] bn = 0, index = 0 [pid 5872] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5874] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5874] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 110.791087][ T5874] bn = 0, index = 0 [ 110.795798][ T5874] jfs_rename did not expect dtDelete to return rc = -5 [ 110.803553][ T5874] ERROR: (device loop0): jfs_rename: [ 110.803553][ T5874] [pid 5874] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] exit_group(0 [pid 5874] <... futex resumed>) = ? [pid 5873] <... write resumed>) = ? [pid 5872] <... exit_group resumed>) = ? 
[pid 5873] +++ exited with 0 +++ [pid 5874] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=74 /* 0.74 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x5555559f0690) = 5875 [pid 5875] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5875] chdir("./14") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5875] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5875] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5876] <... rseq resumed>) = 0 [pid 5876] set_robust_list(0x7f17d97ae9a0, 24) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5876] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5875] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5875] <... 
futex resumed>) = 1 [pid 5875] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5876] munmap(0x7f17d1200000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [pid 5876] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5875] <... futex resumed>) = 1 [pid 5875] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5876] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 112.252050][ T5876] loop0: detected capacity change from 0 to 32768 [pid 5876] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5875] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5875] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5875] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5875] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] set_robust_list(0x7f17d978d9a0, 24 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5877] open_tree(AT_FDCWD, "./file0", 0 [pid 5875] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... open_tree resumed>) = 5 [pid 5877] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5877] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5877] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5875] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 112.390481][ T5877] ERROR: (device loop0): dtSearch: stack overrun! [ 112.390481][ T5877] [ 112.400332][ T5877] ERROR: (device loop0): remounting filesystem as read-only [ 112.409029][ T5877] btstack dump: [ 112.412613][ T5877] bn = 0, index = 0 [ 112.416445][ T5877] bn = 0, index = 0 [ 112.420992][ T5877] bn = 0, index = 0 [ 112.424851][ T5877] bn = 0, index = 0 [ 112.429152][ T5877] bn = 0, index = 0 [ 112.433007][ T5877] bn = 0, index = 0 [pid 5877] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5877] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.437252][ T5877] bn = 0, index = 0 [ 112.441174][ T5877] bn = 0, index = 0 [ 112.445481][ T5877] jfs_rename did not expect dtDelete to return rc = -5 [ 112.452947][ T5877] ERROR: (device loop0): jfs_rename: [ 112.452947][ T5877] [pid 5877] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] exit_group(0 [pid 5877] <... futex resumed>) = ? [pid 5876] <... write resumed>) = ? 
[pid 5875] <... exit_group resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=75 /* 0.75 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x5555559f0690) = 5878 [pid 5878] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5878] chdir("./15") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 
[pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5878] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5879] set_robust_list(0x7f17d97ae9a0, 24 [pid 5878] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] <... futex resumed>) = 0 [pid 5879] <... 
memfd_create resumed>) = 3 [pid 5878] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5879] munmap(0x7f17d1200000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [pid 5879] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5878] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... openat resumed>) = 4 [ 114.108516][ T5879] loop0: detected capacity change from 0 to 32768 [pid 5879] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... 
futex resumed>) = 0 [pid 5879] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5878] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5878] <... clone3 resumed> => {parent_tid=[5880]}, 88) = 5880 [pid 5880] <... rseq resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] set_robust_list(0x7f17d978d9a0, 24 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5878] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] <... futex resumed>) = 0 [pid 5880] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5880] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [ 114.252532][ T5880] ERROR: (device loop0): dtSearch: stack overrun! [ 114.252532][ T5880] [ 114.262824][ T5880] ERROR: (device loop0): remounting filesystem as read-only [ 114.270340][ T5880] btstack dump: [ 114.273871][ T5880] bn = 0, index = 0 [ 114.277883][ T5880] bn = 0, index = 0 [ 114.281783][ T5880] bn = 0, index = 0 [ 114.285644][ T5880] bn = 0, index = 0 [ 114.289995][ T5880] bn = 0, index = 0 [ 114.293893][ T5880] bn = 0, index = 0 [ 114.298229][ T5880] bn = 0, index = 0 [pid 5878] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5880] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5880] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 114.304056][ T5880] bn = 0, index = 0 [ 114.308912][ T5880] jfs_rename did not expect dtDelete to return rc = -5 [ 114.316103][ T5880] ERROR: (device loop0): jfs_rename: [ 114.316103][ T5880] [pid 5880] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] exit_group(0 [pid 5880] <... futex resumed>) = ? [pid 5878] <... exit_group resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5879] <... write resumed>) = ? 
[pid 5879] +++ exited with 0 +++ [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=71 /* 0.71 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x5555559f0690) = 5881 [pid 5881] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5881] chdir("./16") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] 
write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5881] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5882 attached [pid 5882] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5881] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5882] set_robust_list(0x7f17d97ae9a0, 24 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... set_robust_list resumed>) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... 
futex resumed>) = 0 [pid 5881] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5882] munmap(0x7f17d1200000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] mkdir("./file0", 0777) = 0 [pid 5882] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file0") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] <... futex resumed>) = 0 [pid 5881] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5881] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5882] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... 
futex resumed>) = 0 [pid 5882] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [ 115.741577][ T5882] loop0: detected capacity change from 0 to 32768 [pid 5881] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5881] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5883 attached => {parent_tid=[5883]}, 88) = 5883 [pid 5883] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... rseq resumed>) = 0 [pid 5883] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = 0 [pid 5881] <... futex resumed>) = 1 [pid 5883] open_tree(AT_FDCWD, "./file0", 0 [pid 5881] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... 
open_tree resumed>) = 5 [pid 5883] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5883] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5883] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5881] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 115.879837][ T5883] ERROR: (device loop0): dtSearch: stack overrun! [ 115.879837][ T5883] [ 115.888942][ T5883] ERROR: (device loop0): remounting filesystem as read-only [ 115.896294][ T5883] btstack dump: [ 115.900927][ T5883] bn = 0, index = 0 [ 115.904805][ T5883] bn = 0, index = 0 [ 115.909211][ T5883] bn = 0, index = 0 [ 115.913083][ T5883] bn = 0, index = 0 [ 115.917943][ T5883] bn = 0, index = 0 [ 115.921795][ T5883] bn = 0, index = 0 [ 115.925664][ T5883] bn = 0, index = 0 [pid 5883] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5883] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.930179][ T5883] bn = 0, index = 0 [ 115.934433][ T5883] jfs_rename did not expect dtDelete to return rc = -5 [ 115.941803][ T5883] ERROR: (device loop0): jfs_rename: [ 115.941803][ T5883] [pid 5883] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] exit_group(0 [pid 5883] <... futex resumed>) = ? [pid 5882] <... write resumed>) = ? [pid 5881] <... exit_group resumed>) = ? 
[pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=68 /* 0.68 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x5555559f0690) = 5884 [pid 5884] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5884] chdir("./17") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 
5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] write(1, "executing program\n", 18executing program ) = 18 [pid 5884] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5884] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5884] <... clone3 resumed> => {parent_tid=[5885]}, 88) = 5885 [pid 5885] set_robust_list(0x7f17d97ae9a0, 24 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... set_robust_list resumed>) = 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] <... futex resumed>) = 0 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] <... 
memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5885] munmap(0x7f17d1200000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file0", 0777) = 0 [pid 5885] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file0") = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5885] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... 
futex resumed>) = 0 [ 117.431053][ T5885] loop0: detected capacity change from 0 to 32768 [pid 5884] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5884] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5884] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5886 attached => {parent_tid=[5886]}, 88) = 5886 [pid 5886] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... rseq resumed>) = 0 [pid 5886] set_robust_list(0x7f17d978d9a0, 24 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5884] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] <... futex resumed>) = 0 [pid 5886] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5886] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5886] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... futex resumed>) = 0 [pid 5886] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5884] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 117.576148][ T5886] ERROR: (device loop0): dtSearch: stack overrun! [ 117.576148][ T5886] [ 117.585522][ T5886] ERROR: (device loop0): remounting filesystem as read-only [ 117.593668][ T5886] btstack dump: [ 117.597762][ T5886] bn = 0, index = 0 [ 117.601669][ T5886] bn = 0, index = 0 [ 117.605552][ T5886] bn = 0, index = 0 [ 117.609994][ T5886] bn = 0, index = 0 [ 117.613943][ T5886] bn = 0, index = 0 [ 117.618290][ T5886] bn = 0, index = 0 [ 117.622304][ T5886] bn = 0, index = 0 [pid 5886] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5886] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.627373][ T5886] bn = 0, index = 0 [ 117.631242][ T5886] jfs_rename did not expect dtDelete to return rc = -5 [ 117.638635][ T5886] ERROR: (device loop0): jfs_rename: [ 117.638635][ T5886] [pid 5886] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] exit_group(0 [pid 5886] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5885] <... write resumed>) = ? [pid 5884] <... exit_group resumed>) = ? 
[pid 5885] +++ exited with 0 +++ [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=70 /* 0.70 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x5555559f0690) = 5887 [pid 5887] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5887] chdir("./18") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] 
symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5887] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5888] set_robust_list(0x7f17d97ae9a0, 24 [pid 5887] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7f17d1200000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file0", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [ 119.258387][ T5888] loop0: detected capacity change from 0 to 32768 [pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file0") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777) = 4 [pid 5887] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... 
futex resumed>) = 0 [pid 5888] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5888] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5887] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5887] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5889] set_robust_list(0x7f17d978d9a0, 24 [pid 5887] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] <... set_robust_list resumed>) = 0 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... 
futex resumed>) = 0 [pid 5887] <... futex resumed>) = 1 [pid 5887] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5889] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5889] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.426432][ T5889] ERROR: (device loop0): dtSearch: stack overrun! [ 119.426432][ T5889] [ 119.437219][ T5889] ERROR: (device loop0): remounting filesystem as read-only [ 119.444580][ T5889] btstack dump: [ 119.448434][ T5889] bn = 0, index = 0 [ 119.452480][ T5889] bn = 0, index = 0 [ 119.456423][ T5889] bn = 0, index = 0 [ 119.460735][ T5889] bn = 0, index = 0 [ 119.464692][ T5889] bn = 0, index = 0 [ 119.469177][ T5889] bn = 0, index = 0 [pid 5889] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5889] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5889] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.473123][ T5889] bn = 0, index = 0 [ 119.477183][ T5889] bn = 0, index = 0 [ 119.481350][ T5889] jfs_rename did not expect dtDelete to return rc = -5 [ 119.488669][ T5889] ERROR: (device loop0): jfs_rename: [ 119.488669][ T5889] [pid 5889] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] exit_group(0) = ? [pid 5889] <... futex resumed>) = ? [pid 5889] +++ exited with 0 +++ [pid 5888] <... write resumed>) = ? 
[pid 5888] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=74 /* 0.74 s */} --- umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached , child_tidptr=0x5555559f0690) = 5890 [pid 5890] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5890] chdir("./19") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] 
symlink("/dev/binderfs", "./binderfs") = 0 [pid 5890] write(1, "executing program\n", 18executing program ) = 18 [pid 5890] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5890] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5891 attached [pid 5891] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5891] set_robust_list(0x7f17d97ae9a0, 24) = 0 [pid 5890] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] <... 
memfd_create resumed>) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5891] munmap(0x7f17d1200000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file0", 0777) = 0 [pid 5891] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file0") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5890] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... openat resumed>) = 4 [pid 5891] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5891] <... 
futex resumed>) = 1 [pid 5890] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5890] <... futex resumed>) = 0 [ 121.118053][ T5891] loop0: detected capacity change from 0 to 32768 [pid 5890] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5890] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5890] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5893 attached => {parent_tid=[5893]}, 88) = 5893 [pid 5893] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] <... rseq resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] set_robust_list(0x7f17d978d9a0, 24 [pid 5890] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5893] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5893] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5890] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.244176][ T5893] ERROR: (device loop0): dtSearch: stack overrun! [ 121.244176][ T5893] [ 121.253978][ T5893] ERROR: (device loop0): remounting filesystem as read-only [ 121.261859][ T5893] btstack dump: [ 121.265441][ T5893] bn = 0, index = 0 [ 121.270193][ T5893] bn = 0, index = 0 [ 121.274133][ T5893] bn = 0, index = 0 [ 121.278206][ T5893] bn = 0, index = 0 [ 121.282219][ T5893] bn = 0, index = 0 [ 121.286185][ T5893] bn = 0, index = 0 [ 121.290444][ T5893] bn = 0, index = 0 [pid 5890] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5893] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5893] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.294480][ T5893] bn = 0, index = 0 [ 121.298658][ T5893] jfs_rename did not expect dtDelete to return rc = -5 [ 121.305926][ T5893] ERROR: (device loop0): jfs_rename: [ 121.305926][ T5893] [pid 5893] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] exit_group(0 [pid 5893] <... futex resumed>) = ? [pid 5890] <... exit_group resumed>) = ? [pid 5891] <... write resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=69 /* 0.69 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached , child_tidptr=0x5555559f0690) = 5894 [pid 5894] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5894] chdir("./20") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] write(1, "executing program\n", 18executing program ) = 18 [pid 5894] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) 
= 0 [pid 5894] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5894] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5895 attached [pid 5895] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5894] <... clone3 resumed> => {parent_tid=[5895]}, 88) = 5895 [pid 5895] set_robust_list(0x7f17d97ae9a0, 24 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5894] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] memfd_create("syzkaller", 0 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] <... 
memfd_create resumed>) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5895] munmap(0x7f17d1200000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file0", 0777) = 0 [pid 5895] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file0") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5895] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... openat resumed>) = 4 [pid 5895] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5895] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... 
futex resumed>) = 0 [pid 5895] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [ 122.717768][ T5895] loop0: detected capacity change from 0 to 32768 [pid 5894] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5894] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5894] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053 [pid 5894] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5894] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... rseq resumed>) = 0 [pid 5894] <... futex resumed>) = 0 [pid 5896] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5894] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5896] open_tree(AT_FDCWD, "./file0", 0) = 5 [pid 5896] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... 
futex resumed>) = 0 [pid 5896] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 0 [pid 5894] <... futex resumed>) = 1 [pid 5894] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 122.866697][ T5896] ERROR: (device loop0): dtSearch: stack overrun! [ 122.866697][ T5896] [ 122.876209][ T5896] ERROR: (device loop0): remounting filesystem as read-only [ 122.884166][ T5896] btstack dump: [ 122.889074][ T5896] bn = 0, index = 0 [ 122.893039][ T5896] bn = 0, index = 0 [ 122.897531][ T5896] bn = 0, index = 0 [ 122.901581][ T5896] bn = 0, index = 0 [ 122.906810][ T5896] bn = 0, index = 0 [ 122.910699][ T5896] bn = 0, index = 0 [pid 5896] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5894] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5896] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5896] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 122.914513][ T5896] bn = 0, index = 0 [ 122.918918][ T5896] bn = 0, index = 0 [ 122.922807][ T5896] jfs_rename did not expect dtDelete to return rc = -5 [ 122.930777][ T5896] ERROR: (device loop0): jfs_rename: [ 122.930777][ T5896] [pid 5896] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] exit_group(0 [pid 5896] <... futex resumed>) = ? [pid 5894] <... exit_group resumed>) = ? [pid 5896] +++ exited with 0 +++ [pid 5895] <... write resumed>) = ? 
[pid 5895] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=60 /* 0.60 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached , child_tidptr=0x5555559f0690) = 5899 [pid 5899] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5899] chdir("./21") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] 
symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5899] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5899] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5901 attached => {parent_tid=[5901]}, 88) = 5901 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] <... rseq resumed>) = 0 [pid 5899] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] set_robust_list(0x7f17d97ae9a0, 24) = 0 [pid 5899] <... futex resumed>) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5901] munmap(0x7f17d1200000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file0", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file0") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5901] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [ 124.580721][ T5901] loop0: detected capacity change from 0 to 32768 [pid 5901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5899] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... openat resumed>) = 4 [pid 5901] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... 
futex resumed>) = 0 [pid 5901] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5899] <... futex resumed>) = 0 [pid 5901] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5899] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5899] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5902 attached [pid 5902] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5902] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] <... clone3 resumed> => {parent_tid=[5902]}, 88) = 5902 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5899] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = 0 [pid 5899] <... 
futex resumed>) = 1 [pid 5902] open_tree(AT_FDCWD, "./file0", 0 [pid 5899] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... open_tree resumed>) = 5 [pid 5902] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5899] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5899] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5899] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 124.748356][ T5902] ERROR: (device loop0): dtSearch: stack overrun! [ 124.748356][ T5902] [ 124.758353][ T5902] ERROR: (device loop0): remounting filesystem as read-only [ 124.765736][ T5902] btstack dump: [ 124.770957][ T5902] bn = 0, index = 0 [ 124.774808][ T5902] bn = 0, index = 0 [ 124.779079][ T5902] bn = 0, index = 0 [ 124.783010][ T5902] bn = 0, index = 0 [ 124.787440][ T5902] bn = 0, index = 0 [ 124.791357][ T5902] bn = 0, index = 0 [pid 5902] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5902] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.795240][ T5902] bn = 0, index = 0 [ 124.800167][ T5902] bn = 0, index = 0 [ 124.804071][ T5902] jfs_rename did not expect dtDelete to return rc = -5 [ 124.811419][ T5902] ERROR: (device loop0): jfs_rename: [ 124.811419][ T5902] [pid 5902] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5899] exit_group(0) = ? [pid 5902] <... futex resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5901] <... write resumed>) = ? 
[pid 5901] +++ exited with 0 +++ [pid 5899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=65 /* 0.65 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x5555559f0690) = 5904 [pid 5904] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5904] chdir("./22") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] 
write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5904] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5904] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] set_robust_list(0x7f17d97ae9a0, 24 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... set_robust_list resumed>) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5905] munmap(0x7f17d1200000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./file0", 0777) = 0 [pid 5905] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file0") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... openat resumed>) = 4 [pid 5905] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... 
futex resumed>) = 0 [pid 5905] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5904] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.364568][ T5905] loop0: detected capacity change from 0 to 32768 [pid 5904] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5904] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5904] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5904] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5904] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] set_robust_list(0x7f17d978d9a0, 24 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] <... set_robust_list resumed>) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] open_tree(AT_FDCWD, "./file0", 0 [pid 5904] <... 
futex resumed>) = 0 [pid 5904] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... open_tree resumed>) = 5 [pid 5906] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5906] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5904] <... futex resumed>) = 0 [ 126.526435][ T5906] ERROR: (device loop0): dtSearch: stack overrun! [ 126.526435][ T5906] [ 126.536033][ T5906] ERROR: (device loop0): remounting filesystem as read-only [ 126.544452][ T5906] btstack dump: [ 126.548401][ T5906] bn = 0, index = 0 [ 126.552276][ T5906] bn = 0, index = 0 [ 126.556156][ T5906] bn = 0, index = 0 [ 126.561287][ T5906] bn = 0, index = 0 [ 126.565492][ T5906] bn = 0, index = 0 [ 126.570463][ T5906] bn = 0, index = 0 [pid 5904] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5906] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5906] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.574344][ T5906] bn = 0, index = 0 [ 126.579531][ T5906] bn = 0, index = 0 [ 126.583944][ T5906] jfs_rename did not expect dtDelete to return rc = -5 [ 126.591306][ T5906] ERROR: (device loop0): jfs_rename: [ 126.591306][ T5906] [pid 5906] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0) = ? [pid 5906] <... futex resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5905] <... write resumed>) = ? 
[pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=69 /* 0.69 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x5555559f0690) = 5907 [pid 5907] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5907] chdir("./23") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] 
write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5907] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5907] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5908 attached [pid 5908] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5907] <... clone3 resumed> => {parent_tid=[5908]}, 88) = 5908 [pid 5908] set_robust_list(0x7f17d97ae9a0, 24 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] <... set_robust_list resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] <... futex resumed>) = 0 [pid 5908] memfd_create("syzkaller", 0 [pid 5907] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] <... 
memfd_create resumed>) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5908] munmap(0x7f17d1200000, 138412032) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5908] close(3) = 0 [pid 5908] close(4) = 0 [pid 5908] mkdir("./file0", 0777) = 0 [pid 5908] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] chdir("./file0") = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5908] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5908] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] <... futex resumed>) = 0 [pid 5908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5907] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... openat resumed>) = 4 [pid 5908] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... 
futex resumed>) = 1 [ 128.020501][ T5908] loop0: detected capacity change from 0 to 32768 [pid 5907] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5907] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5907] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5907] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] set_robust_list(0x7f17d978d9a0, 24 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... set_robust_list resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] <... 
futex resumed>) = 0 [pid 5909] open_tree(AT_FDCWD, "./file0", 0 [pid 5907] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... open_tree resumed>) = 5 [pid 5909] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5909] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 128.167469][ T5909] ERROR: (device loop0): dtSearch: stack overrun! [ 128.167469][ T5909] [ 128.176619][ T5909] ERROR: (device loop0): remounting filesystem as read-only [ 128.185172][ T5909] btstack dump: [ 128.189302][ T5909] bn = 0, index = 0 [ 128.193151][ T5909] bn = 0, index = 0 [ 128.197432][ T5909] bn = 0, index = 0 [ 128.201365][ T5909] bn = 0, index = 0 [ 128.205200][ T5909] bn = 0, index = 0 [ 128.209831][ T5909] bn = 0, index = 0 [ 128.213686][ T5909] bn = 0, index = 0 [pid 5909] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5907] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5909] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.218020][ T5909] bn = 0, index = 0 [ 128.222398][ T5909] jfs_rename did not expect dtDelete to return rc = -5 [ 128.229917][ T5909] ERROR: (device loop0): jfs_rename: [ 128.229917][ T5909] [pid 5909] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] exit_group(0 [pid 5909] <... futex resumed>) = ? [pid 5908] <... write resumed>) = ? [pid 5907] <... exit_group resumed>) = ? 
[pid 5909] +++ exited with 0 +++ [pid 5908] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=68 /* 0.68 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached , child_tidptr=0x5555559f0690) = 5910 [pid 5910] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5910] chdir("./24") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5910] write(1, "executing program\n", 18) = 18 [pid 5910] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5910] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5911 attached [pid 5911] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053) = 0 [pid 5911] set_robust_list(0x7f17d97ae9a0, 24) = 0 [pid 5910] <... clone3 resumed> => {parent_tid=[5911]}, 88) = 5911 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... futex resumed>) = 0 [pid 5911] memfd_create("syzkaller", 0 [pid 5910] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] <... 
memfd_create resumed>) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5911] munmap(0x7f17d1200000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file0", 0777) = 0 [pid 5911] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file0") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... openat resumed>) = 4 [ 129.699054][ T5911] loop0: detected capacity change from 0 to 32768 [pid 5911] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5910] <... futex resumed>) = 0 [pid 5911] futex(0x7f17d98876c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] <... 
futex resumed>) = 0 [pid 5911] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5910] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5910] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7f17d978d9a0, 24 [pid 5910] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] <... set_robust_list resumed>) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] open_tree(AT_FDCWD, "./file0", 0 [pid 5910] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... open_tree resumed>) = 5 [pid 5912] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... 
futex resumed>) = 0 [pid 5910] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5910] <... futex resumed>) = 1 [pid 5912] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [ 129.855410][ T5912] ERROR: (device loop0): dtSearch: stack overrun! [ 129.855410][ T5912] [ 129.864866][ T5912] ERROR: (device loop0): remounting filesystem as read-only [ 129.873529][ T5912] btstack dump: [ 129.877474][ T5912] bn = 0, index = 0 [ 129.881315][ T5912] bn = 0, index = 0 [ 129.885180][ T5912] bn = 0, index = 0 [ 129.889681][ T5912] bn = 0, index = 0 [ 129.893526][ T5912] bn = 0, index = 0 [ 129.898022][ T5912] bn = 0, index = 0 [ 129.901869][ T5912] bn = 0, index = 0 [pid 5910] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5912] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5912] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.905793][ T5912] bn = 0, index = 0 [ 129.910708][ T5912] jfs_rename did not expect dtDelete to return rc = -5 [ 129.918081][ T5912] ERROR: (device loop0): jfs_rename: [ 129.918081][ T5912] [pid 5912] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0 [pid 5912] <... futex resumed>) = ? [pid 5911] <... write resumed>) = ? [pid 5910] <... exit_group resumed>) = ? [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=71 /* 0.71 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555559f9770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555559f9770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555559f1730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x5555559f0690) = 5913 [pid 5913] set_robust_list(0x5555559f06a0, 24) = 0 [pid 5913] chdir("./25") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) 
= 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7f17d98200b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17d9811260}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d978e000 [pid 5913] mprotect(0x7f17d978f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d97ae990, parent_tid=0x7f17d97ae990, exit_signal=0, stack=0x7f17d978e000, stack_size=0x20300, tls=0x7f17d97ae6c0}./strace-static-x86_64: Process 5914 attached [pid 5914] rseq(0x7f17d97aefe0, 0x20, 0, 0x53053053 [pid 5913] <... clone3 resumed> => {parent_tid=[5914]}, 88) = 5914 [pid 5914] <... rseq resumed>) = 0 [pid 5914] set_robust_list(0x7f17d97ae9a0, 24 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] <... set_robust_list resumed>) = 0 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] memfd_create("syzkaller", 0 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5914] <... 
memfd_create resumed>) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17d1200000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5914] munmap(0x7f17d1200000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5914] mkdir("./file0", 0777) = 0 [pid 5914] mount("/dev/loop0", "./file0", "jfs", MS_NOSUID|MS_NODIRATIME|MS_REC|MS_SILENT|MS_POSIXACL|MS_STRICTATIME|MS_LAZYTIME, "") = 0 [pid 5914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./file0") = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5913] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0777 [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... openat resumed>) = 4 [ 131.347531][ T5914] loop0: detected capacity change from 0 to 32768 [pid 5914] futex(0x7f17d98876cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... 
futex resumed>) = 0 [pid 5914] write(4, "\x7e\x72\x26\xce\x9b\x4d\x69\x20\x92\xff\xa2\xb5\x79\xf0\xff\x57\x93\x01\x2c\x97\x38\xa9\xbe\x19\xff\x3e\x69\xa6\x83\xa0\xa1\xbb\xac\xe0\xdc\x38\x53\xc6\x61\xa4\xe1\x01\x9e\x7a\x1f\x3a\xf6\x03\x50\x12\x6c\xb9\x9c\x5f\x3a\xce\x6f\x56\x16\xc0\x0e\x0f\xb3\x0b\x28\x32\x39\x8f\xed\x62\x33\xb8\x63\x2a\x00\x1d\xd0\xa8\x46\xcb\xb8\xa5\xd7\x7e\x32\x08\xdb\x48\x6b\x05\x5e\xdb\x6a\xe7\x91\x7f\x07\xcc\xf4\xb6"..., 4294966982 [pid 5913] futex(0x7f17d98876c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f17d98876cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5913] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17d976d000 [pid 5913] mprotect(0x7f17d976e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17d978d990, parent_tid=0x7f17d978d990, exit_signal=0, stack=0x7f17d976d000, stack_size=0x20300, tls=0x7f17d978d6c0}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f17d978dfe0, 0x20, 0, 0x53053053) = 0 [pid 5915] set_robust_list(0x7f17d978d9a0, 24) = 0 [pid 5913] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5913] <... futex resumed>) = 1 [pid 5915] open_tree(AT_FDCWD, "./file0", 0 [pid 5913] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... 
open_tree resumed>) = 5 [pid 5915] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5915] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7f17d98876d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] futex(0x7f17d98876dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] renameat2(5, "./file1", 5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0 [pid 5913] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 131.507544][ T5915] ERROR: (device loop0): dtSearch: stack overrun! [ 131.507544][ T5915] [ 131.516435][ T5915] ERROR: (device loop0): remounting filesystem as read-only [ 131.524747][ T5915] btstack dump: [ 131.528887][ T5915] bn = 0, index = 0 [ 131.532737][ T5915] bn = 0, index = 0 [ 131.536669][ T5915] bn = 0, index = 0 [ 131.541347][ T5915] bn = 0, index = 0 [ 131.545213][ T5915] bn = 0, index = 0 [ 131.549882][ T5915] bn = 0, index = 0 [ 131.553862][ T5915] bn = 0, index = 0 [pid 5915] <... renameat2 resumed>) = -1 EIO (Input/output error) [pid 5915] futex(0x7f17d98876dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 131.558683][ T5915] bn = 0, index = 0 [ 131.562795][ T5915] jfs_rename did not expect dtDelete to return rc = -5 [ 131.570498][ T5915] ERROR: (device loop0): jfs_rename: [ 131.570498][ T5915] [pid 5915] futex(0x7f17d98876d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] exit_group(0 [pid 5915] <... futex resumed>) = ? [pid 5913] <... exit_group resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5914] <... write resumed>) = ? 
[pid 5914] +++ exited with 0 +++ [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=69 /* 0.69 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555559f1730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 132.195352][ T5829] ------------[ cut here ]------------ [ 132.200994][ T5829] kernel BUG at fs/jfs/inode.c:169! [ 132.206233][ T5829] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 132.212492][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor494 Not tainted 6.15.0-rc2-syzkaller-00404-g8560697b23dc #0 PREEMPT(full) [ 132.224925][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.234988][ T5829] RIP: 0010:jfs_evict_inode+0x437/0x440 [ 132.240537][ T5829] Code: df e8 8d 2f d3 fe e9 1d fe ff ff e8 43 81 6b fe 48 c7 c7 00 f3 15 8f 4c 89 ee e8 04 c8 e0 01 e9 8f fd ff ff e8 2a 81 6b fe 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 132.260161][ T5829] RSP: 0018:ffffc90003f2f958 EFLAGS: 00010293 [ 132.266231][ T5829] RAX: ffffffff83573a16 RBX: ffff8880746eca78 RCX: ffff888076040000 [ 132.274201][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880746ecdf0 [ 132.282230][ T5829] RBP: ffffc90003f2fad0 R08: ffffffff8260ec43 R09: 1ffffffff20bd76e [ 132.290201][ T5829] R10: dffffc0000000000 R11: ffffffff835716c0 R12: ffff8880746ecdf0 [ 132.298172][ T5829] R13: ffff8880746ecdf0 R14: dffffc0000000000 R15: ffffc90003f2fa20 [ 
132.306138][ T5829] FS: 00005555559f03c0(0000) GS:ffff888124fcf000(0000) knlGS:0000000000000000 [ 132.315166][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.321748][ T5829] CR2: 00007ffea4540ec8 CR3: 0000000030982000 CR4: 00000000003526f0 [ 132.329722][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.337690][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.345659][ T5829] Call Trace: [ 132.348956][ T5829] <TASK> [ 132.351884][ T5829] ? __pfx_jfs_evict_inode+0x10/0x10 [ 132.357169][ T5829] evict+0x4f9/0x9b0 [ 132.361074][ T5829] ? __pfx_evict+0x10/0x10 [ 132.365493][ T5829] ? do_raw_spin_unlock+0x13c/0x8b0 [ 132.370691][ T5829] evict_inodes+0x6f8/0x7a0 [ 132.375193][ T5829] ? __pfx_evict_inodes+0x10/0x10 [ 132.380221][ T5829] ? dput+0x37/0x2b0 [ 132.384113][ T5829] generic_shutdown_super+0xa0/0x2d0 [ 132.389407][ T5829] kill_block_super+0x44/0x90 [ 132.394080][ T5829] deactivate_locked_super+0xc4/0x130 [ 132.399456][ T5829] cleanup_mnt+0x422/0x4c0 [ 132.403872][ T5829] ? lockdep_hardirqs_on+0x9d/0x150 [ 132.409077][ T5829] task_work_run+0x251/0x310 [ 132.413668][ T5829] ? __pfx_task_work_run+0x10/0x10 [ 132.418796][ T5829] ? path_umount+0x251/0xfb0 [ 132.423501][ T5829] ptrace_notify+0x2dc/0x390 [ 132.428107][ T5829] ? __x64_sys_umount+0x122/0x170 [ 132.433226][ T5829] ? user_path_at+0x44/0x60 [ 132.437773][ T5829] ? __pfx_ptrace_notify+0x10/0x10 [ 132.442890][ T5829] ? kmem_cache_free+0x197/0x410 [ 132.447838][ T5829] ? __x64_sys_umount+0x122/0x170 [ 132.452864][ T5829] syscall_exit_work+0xc7/0x1d0 [ 132.457723][ T5829] syscall_exit_to_user_mode+0x24a/0x340 [ 132.463375][ T5829] do_syscall_64+0x100/0x210 [ 132.467968][ T5829] ? 
clear_bhb_loop+0x45/0xa0 [ 132.472646][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.478536][ T5829] RIP: 0033:0x7f17d97faef7 [ 132.482954][ T5829] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 132.502559][ T5829] RSP: 002b:00007ffea4541678 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 132.510972][ T5829] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f17d97faef7 [ 132.519383][ T5829] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea4541730 [ 132.527380][ T5829] RBP: 00007ffea4541730 R08: 0000000000000000 R09: 0000000000000000 [ 132.535383][ T5829] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffea45427f0 [ 132.543371][ T5829] R13: 00005555559f1700 R14: 431bde82d7b634db R15: 00007ffea4542794 [ 132.551389][ T5829] </TASK> [ 132.554423][ T5829] Modules linked in: [ 132.558614][ T5829] ---[ end trace 0000000000000000 ]--- [ 132.564240][ T5829] RIP: 0010:jfs_evict_inode+0x437/0x440 [ 132.569875][ T5829] Code: df e8 8d 2f d3 fe e9 1d fe ff ff e8 43 81 6b fe 48 c7 c7 00 f3 15 8f 4c 89 ee e8 04 c8 e0 01 e9 8f fd ff ff e8 2a 81 6b fe 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 132.590711][ T5829] RSP: 0018:ffffc90003f2f958 EFLAGS: 00010293 [ 132.596845][ T5829] RAX: ffffffff83573a16 RBX: ffff8880746eca78 RCX: ffff888076040000 [ 132.604851][ T5829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880746ecdf0 [ 132.612875][ T5829] RBP: ffffc90003f2fad0 R08: ffffffff8260ec43 R09: 1ffffffff20bd76e [ 132.620901][ T5829] R10: dffffc0000000000 R11: ffffffff835716c0 R12: ffff8880746ecdf0 [ 132.628916][ T5829] R13: ffff8880746ecdf0 R14: dffffc0000000000 R15: ffffc90003f2fa20 [ 132.636936][ T5829] FS: 00005555559f03c0(0000) GS:ffff888124fcf000(0000) knlGS:0000000000000000 [ 132.645876][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.652512][ T5829] CR2: 
00007ffea4540ec8 CR3: 0000000030982000 CR4: 00000000003526f0 [ 132.660629][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.668647][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.676800][ T5829] Kernel panic - not syncing: Fatal exception [ 132.683161][ T5829] Kernel Offset: disabled [ 132.687487][ T5829] Rebooting in 86400 seconds..