./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4193261030 <...> Warning: Permanently added '10.128.1.13' (ECDSA) to the list of known hosts. execve("./syz-executor4193261030", ["./syz-executor4193261030"], 0x7fff97001be0 /* 10 vars */) = 0 brk(NULL) = 0x555556d2c000 brk(0x555556d2cd40) = 0x555556d2cd40 arch_prctl(ARCH_SET_FS, 0x555556d2c400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556d2c6d0) = 4994 set_robust_list(0x555556d2c6e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f025c30da10, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f025c30cf60}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f025c30dab0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f025c30cf60}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4193261030", 4096) = 28 brk(0x555556d4dd40) = 0x555556d4dd40 brk(0x555556d4e000) = 0x555556d4e000 mprotect(0x7f025c3d0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 chmod("/dev/raw-gadget", 0666) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f025c3065c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f025c30cf60}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f025c3065c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f025c30cf60}, NULL, 8) = 0 getpid() = 4994 mkdir("./syzkaller.4yNqkR", 0700) = 0 chmod("./syzkaller.4yNqkR", 0777) = 0 chdir("./syzkaller.4yNqkR") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4995 attached , child_tidptr=0x555556d2c6d0) = 4995 [pid 4995] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 4995] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 4995] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 4995] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 4995] dup2(4, 202) = 202 [pid 4995] close(4) = 0 [pid 4995] write(202, "\xff\x00", 2) = 2 [pid 4995] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 4995] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bafb000 [pid 4995] mprotect(0x7f025bafc000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 4995] clone(child_stack=0x7f025c2fb2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7f025c2fb700, child_tidptr=0x7f025c2fb9d0) = 2 [pid 4995] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 4999 attached [pid 4999] set_robust_list(0x7f025c2fb9e0, 24) = 0 [pid 4999] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 4999] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 4999] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 4999] read(202, [pid 4995] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [ 67.077767][ T4998] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.086567][ T4998] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.095521][ T4998] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.106530][ T4998] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.115998][ T4998] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [pid 4995] ioctl(3, HCISETSCAN [pid 4999] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 4999] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 4999] madvise(0x7f025bafb000, 8372224, MADV_DONTNEED) = 0 [pid 4999] exit(0) = ? [pid 4999] +++ exited with 0 +++ [pid 4995] <... ioctl resumed>, 0x7ffee1f5fbb0) = 0 [pid 4995] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3) = 13 [pid 4995] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 4995] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 4995] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 4995] close(3) = 0 [pid 4995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4995] setsid() = 1 [pid 4995] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 4995] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 4995] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 4995] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 4995] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 4995] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 4995] unshare(CLONE_NEWNS) = 0 [pid 4995] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 4995] unshare(CLONE_NEWIPC) = 0 [pid 4995] unshare(CLONE_NEWCGROUP) = 0 [pid 4995] unshare(CLONE_NEWUTS) = 0 [pid 4995] unshare(CLONE_SYSVSEM) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "16777216", 8) = 8 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "536870912", 9) = 9 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "1024", 4) = 4 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "8192", 4) = 4 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "1024", 4) = 4 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "1024", 4) = 4 [pid 4995] close(3) = 0 [pid 4995] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 4995] write(3, "1024 1048576 500 1024", 21) = 21 [pid 4995] close(3) = 0 [pid 4995] getpid() = 1 [pid 4995] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 2 [pid 4995] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5002] memfd_create("syzkaller", 0) = 3 [pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5002] munmap(0x7f02536da000, 1048576) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5002] close(3) = 0 [pid 5002] mkdir("./file2", 0777) = 0 [ 67.255488][ T5002] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5002 'syz-executor419' [ 67.286805][ T5002] loop0: detected capacity change from 0 to 2048 [pid 5002] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5002] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5002] chdir("./file2") = 0 [pid 5002] ioctl(4, LOOP_CLR_FD) = 0 [pid 5002] close(4) = 0 [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [pid 5002] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [ 67.309869][ T5003] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.330315][ T26] audit: type=1800 audit(1683666543.063:2): pid=5002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5002] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 0 [pid 5002] ftruncate(5, 33587199) = 0 [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [pid 5002] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [pid 5002] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5002] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] close(3) = 0 [pid 5001] close(4) = 0 [pid 5001] close(5) = 0 [pid 5001] close(6) = -1 EBADF (Bad file descriptor) [pid 5001] close(7) = -1 EBADF (Bad file descriptor) [pid 5001] close(8) = -1 EBADF (Bad file descriptor) [pid 5001] close(9) = -1 EBADF (Bad file descriptor) [pid 5001] close(10) = -1 EBADF (Bad file descriptor) [pid 5001] close(11) = -1 EBADF (Bad file descriptor) [pid 5001] close(12) = -1 EBADF (Bad file descriptor) [pid 5001] close(13) = -1 EBADF (Bad file descriptor) [pid 5001] close(14) = -1 EBADF (Bad file descriptor) [pid 5001] close(15) = -1 EBADF (Bad file descriptor) [pid 5001] close(16) = -1 EBADF (Bad file descriptor) [pid 5001] close(17) = -1 EBADF (Bad file descriptor) [pid 5001] close(18) = -1 EBADF (Bad file descriptor) [pid 5001] close(19) = -1 EBADF (Bad file descriptor) [pid 5001] close(20) = -1 EBADF (Bad file descriptor) [pid 5001] close(21) = -1 EBADF (Bad file descriptor) [pid 5001] close(22) = -1 EBADF (Bad file descriptor) [pid 5001] close(23) = -1 EBADF (Bad file descriptor) [pid 5001] close(24) = -1 EBADF (Bad file descriptor) [pid 5001] close(25) = -1 EBADF (Bad file descriptor) [pid 5001] close(26) = -1 EBADF (Bad file descriptor) [pid 5001] close(27) = -1 EBADF (Bad file descriptor) [pid 5001] close(28) = -1 EBADF (Bad file descriptor) [pid 5001] close(29) = -1 EBADF (Bad file descriptor) [pid 5001] exit_group(0) = ? [pid 5002] <... futex resumed>) = ? [pid 5002] +++ exited with 0 +++ [pid 5001] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./0/binderfs") = 0 [ 67.360463][ T26] audit: type=1800 audit(1683666543.093:3): pid=5002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 67.388348][ T5002] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 67.400015][ T5002] Remounting filesystem read-only [ 67.456030][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 67.465127][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 67.471901][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 67.479738][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.488927][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.497856][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.507285][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 67.514045][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 67.521363][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 67.528889][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 67.536255][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 67.543597][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./0/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./0") = 0 [pid 4995] mkdir("./1", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 5 ./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5004] chdir("./1") = 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5004] setpgid(0, 0) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5004] write(3, "1000", 4) = 4 [pid 5004] close(3) = 0 [pid 5004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5004] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5004] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5005 attached , parent_tid=[6], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 6 [pid 5005] set_robust_list(0x7f025bafa9e0, 24 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... set_robust_list resumed>) = 0 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5005] memfd_create("syzkaller", 0) = 3 [pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5005] munmap(0x7f02536da000, 1048576) = 0 [pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 67.550633][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 67.557976][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.566912][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.575829][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5005] close(3) = 0 [pid 5005] mkdir("./file2", 0777) = 0 [pid 5005] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5005] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5005] chdir("./file2") = 0 [pid 5005] ioctl(4, LOOP_CLR_FD) = 0 [pid 5005] close(4) = 0 [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [ 67.640457][ T5005] loop0: detected capacity change from 0 to 2048 [ 67.657110][ T5006] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5005] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [pid 5005] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [pid 5005] ftruncate(5, 33587199) = 0 [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [pid 5005] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [pid 5005] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] <... futex resumed>) = 1 [pid 5005] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [pid 5004] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5004] <... futex resumed>) = 0 [pid 5005] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5004] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5005] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5004] close(3) = 0 [pid 5004] close(4) = 0 [pid 5004] close(5) = 0 [pid 5004] close(6) = -1 EBADF (Bad file descriptor) [pid 5004] close(7) = -1 EBADF (Bad file descriptor) [pid 5004] close(8) = -1 EBADF (Bad file descriptor) [pid 5004] close(9) = -1 EBADF (Bad file descriptor) [pid 5004] close(10) = -1 EBADF (Bad file descriptor) [pid 5004] close(11) = -1 EBADF (Bad file descriptor) [pid 5004] close(12) = -1 EBADF (Bad file descriptor) [pid 5004] close(13) = -1 EBADF (Bad file descriptor) [pid 5004] close(14) = -1 EBADF (Bad file descriptor) [pid 5004] close(15) = -1 EBADF (Bad file descriptor) [pid 5004] close(16) = -1 EBADF (Bad file descriptor) [pid 5004] close(17) = -1 EBADF (Bad file descriptor) [pid 5004] close(18) = -1 EBADF (Bad file descriptor) [pid 5004] close(19) = -1 EBADF (Bad file descriptor) [pid 5004] close(20) = -1 EBADF (Bad file descriptor) [pid 5004] close(21) = -1 EBADF (Bad file descriptor) [pid 5004] close(22) = -1 EBADF (Bad file descriptor) [pid 5004] close(23) = -1 EBADF (Bad file descriptor) [pid 5004] close(24) = -1 EBADF (Bad file descriptor) [pid 5004] close(25) = -1 EBADF (Bad file descriptor) [pid 5004] close(26) = -1 EBADF (Bad file descriptor) [pid 5004] close(27) = -1 EBADF (Bad file descriptor) [pid 5004] close(28) = -1 EBADF (Bad file descriptor) [pid 5004] close(29) = -1 EBADF (Bad file descriptor) [pid 5004] exit_group(0 [pid 5005] <... futex resumed>) = ? [pid 5004] <... exit_group resumed>) = ? [pid 5005] +++ exited with 0 +++ [pid 5004] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 4995] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [ 67.679321][ T26] audit: type=1800 audit(1683666543.413:4): pid=5005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 67.705297][ T26] audit: type=1800 audit(1683666543.443:5): pid=5005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 67.715719][ T5005] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 67.735760][ T5005] Remounting filesystem read-only [pid 4995] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./1/binderfs") = 0 [ 67.775740][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 67.784848][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 67.791544][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 67.799088][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.808289][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.817241][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.826340][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 67.833019][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 67.840363][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 67.847698][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 67.855034][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 67.862360][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 67.869445][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./1/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./1") = 0 [pid 4995] mkdir("./2", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 7 ./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5007] chdir("./2") = 0 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5007] setpgid(0, 0) = 0 [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5007] write(3, "1000", 4) = 4 [pid 5007] close(3) = 0 [pid 5007] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5007] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5007] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5008 attached [ 67.876813][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.885737][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.894626][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5008] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... clone resumed>, parent_tid=[8], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 8 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5008] memfd_create("syzkaller", 0) = 3 [pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5008] munmap(0x7f02536da000, 1048576) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5008] close(3) = 0 [pid 5008] mkdir("./file2", 0777) = 0 [pid 5008] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5008] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5008] chdir("./file2") = 0 [pid 5008] ioctl(4, LOOP_CLR_FD) = 0 [pid 5008] close(4) = 0 [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5007] <... futex resumed>) = 1 [pid 5008] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [ 67.989527][ T5008] loop0: detected capacity change from 0 to 2048 [ 68.007279][ T5009] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... open resumed>) = 4 [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5007] <... futex resumed>) = 1 [pid 5008] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... open resumed>) = 5 [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... futex resumed>) = 0 [pid 5008] ftruncate(5, 33587199) = 0 [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5007] <... futex resumed>) = 1 [pid 5008] sendfile(4, 5, NULL, 281474978811908 [ 68.023060][ T26] audit: type=1800 audit(1683666543.753:6): pid=5008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 68.046747][ T26] audit: type=1800 audit(1683666543.783:7): pid=5008 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 68.078314][ T5008] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5007] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5007] <... futex resumed>) = 0 [pid 5008] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5008] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5007] <... futex resumed>) = 0 [pid 5008] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5008] <... futex resumed>) = 0 [pid 5007] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5007] <... futex resumed>) = 0 [pid 5008] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5007] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5008] <... futex resumed>) = 0 [pid 5007] close(3 [pid 5008] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5007] <... close resumed>) = 0 [pid 5007] close(4) = 0 [pid 5007] close(5) = 0 [pid 5007] close(6) = -1 EBADF (Bad file descriptor) [pid 5007] close(7) = -1 EBADF (Bad file descriptor) [pid 5007] close(8) = -1 EBADF (Bad file descriptor) [pid 5007] close(9) = -1 EBADF (Bad file descriptor) [pid 5007] close(10) = -1 EBADF (Bad file descriptor) [pid 5007] close(11) = -1 EBADF (Bad file descriptor) [pid 5007] close(12) = -1 EBADF (Bad file descriptor) [pid 5007] close(13) = -1 EBADF (Bad file descriptor) [pid 5007] close(14) = -1 EBADF (Bad file descriptor) [pid 5007] close(15) = -1 EBADF (Bad file descriptor) [pid 5007] close(16) = -1 EBADF (Bad file descriptor) [pid 5007] close(17) = -1 EBADF (Bad file descriptor) [pid 5007] close(18) = -1 EBADF (Bad file descriptor) [pid 5007] close(19) = -1 EBADF (Bad file descriptor) [pid 5007] close(20) = -1 EBADF (Bad file descriptor) [pid 5007] close(21) = -1 EBADF (Bad file descriptor) [pid 5007] close(22) = -1 EBADF (Bad file descriptor) [pid 5007] close(23) = -1 EBADF (Bad file descriptor) [pid 5007] close(24) = -1 EBADF (Bad file descriptor) [pid 5007] close(25) = -1 EBADF (Bad file descriptor) [pid 5007] close(26) = -1 EBADF (Bad file descriptor) [pid 5007] close(27) = -1 EBADF (Bad file descriptor) [pid 5007] close(28) = -1 EBADF (Bad file descriptor) [pid 5007] close(29) = -1 EBADF (Bad file descriptor) [pid 5007] exit_group(0 [pid 5008] <... futex resumed>) = ? [pid 5007] <... exit_group resumed>) = ? [pid 5008] +++ exited with 0 +++ [pid 5007] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./2/binderfs") = 0 [ 68.088837][ T5008] Remounting filesystem read-only [ 68.117518][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 68.126888][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 68.133770][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 68.141317][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.150258][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.159600][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.168952][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 68.175692][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 68.182990][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 68.190703][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 68.198130][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 68.205574][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./2/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./2") = 0 [pid 4995] mkdir("./3", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 9 ./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5010] chdir("./3") = 0 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5010] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 10 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5011] memfd_create("syzkaller", 0) = 3 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5011] munmap(0x7f02536da000, 1048576) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.212513][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 68.219866][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.228812][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.237713][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5011] close(3) = 0 [pid 5011] mkdir("./file2", 0777) = 0 [pid 5011] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5011] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5011] chdir("./file2") = 0 [pid 5011] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] close(4) = 0 [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 0 [ 68.292777][ T5011] loop0: detected capacity change from 0 to 2048 [ 68.310077][ T5012] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5011] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 1 [pid 5011] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 1 [pid 5011] ftruncate(5, 33587199) = 0 [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 1 [ 68.334926][ T26] audit: type=1800 audit(1683666544.073:8): pid=5011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 68.371087][ T26] audit: type=1800 audit(1683666544.093:9): pid=5011 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5011] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = 1 [pid 5010] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5011] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] close(3) = 0 [pid 5010] close(4) = 0 [pid 5010] close(5) = 0 [pid 5010] close(6) = -1 EBADF (Bad file descriptor) [pid 5010] close(7) = -1 EBADF (Bad file descriptor) [pid 5010] close(8) = -1 EBADF (Bad file descriptor) [pid 5010] close(9) = -1 EBADF (Bad file descriptor) [pid 5010] close(10) = -1 EBADF (Bad file descriptor) [pid 5010] close(11) = -1 EBADF (Bad file descriptor) [pid 5010] close(12) = -1 EBADF (Bad file descriptor) [pid 5010] close(13) = -1 EBADF (Bad file descriptor) [pid 5010] close(14) = -1 EBADF (Bad file descriptor) [pid 5010] close(15) = -1 EBADF (Bad file descriptor) [pid 5010] close(16) = -1 EBADF (Bad file descriptor) [pid 5010] close(17) = -1 EBADF (Bad file descriptor) [pid 5010] close(18) = -1 EBADF (Bad file descriptor) [pid 5010] close(19) = -1 EBADF (Bad file descriptor) [pid 5010] close(20 [pid 5011] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5010] close(21) = -1 EBADF (Bad file descriptor) [pid 5010] close(22) = -1 EBADF (Bad file descriptor) [pid 5010] close(23) = -1 EBADF (Bad file descriptor) [pid 5010] close(24) = -1 EBADF (Bad file descriptor) [pid 5010] close(25) = -1 EBADF (Bad file descriptor) [pid 5010] close(26) = -1 EBADF (Bad file descriptor) [pid 5010] close(27) = -1 EBADF (Bad file descriptor) [pid 5010] close(28) = -1 EBADF (Bad file descriptor) [pid 5010] close(29) = -1 EBADF (Bad file descriptor) [pid 5010] exit_group(0 [pid 5011] <... futex resumed>) = ? [pid 5010] <... exit_group resumed>) = ? [pid 5011] +++ exited with 0 +++ [pid 5010] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./3/binderfs") = 0 [ 68.377077][ T5011] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 68.401198][ T5011] Remounting filesystem read-only [ 68.431190][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 68.440185][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 68.446971][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 68.454329][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.463261][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.472157][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.481270][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 68.488007][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 68.495379][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 68.502683][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 68.510060][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 68.517673][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 68.524700][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 68.532016][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./3/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./3") = 0 [pid 4995] mkdir("./4", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5013 attached , child_tidptr=0x555556d2c6d0) = 11 [pid 5013] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5013] chdir("./4") = 0 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5013] setpgid(0, 0) = 0 [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 68.541519][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.550452][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5013] write(3, "1000", 4) = 4 [pid 5013] close(3) = 0 [pid 5013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5013] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5013] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5014 attached , parent_tid=[12], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 12 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5014] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5014] memfd_create("syzkaller", 0) = 3 [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5014] munmap(0x7f02536da000, 1048576) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5014] close(3) = 0 [pid 5014] mkdir("./file2", 0777) = 0 [pid 5014] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5014] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5014] chdir("./file2") = 0 [pid 5014] ioctl(4, LOOP_CLR_FD) = 0 [pid 5014] close(4) = 0 [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 0 [pid 5014] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] ftruncate(5, 33587199) = 0 [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [ 68.630099][ T5014] loop0: detected capacity change from 0 to 2048 [ 68.646530][ T5015] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5014] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5014] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] close(3) = 0 [pid 5013] close(4) = 0 [pid 5013] close(5) = 0 [pid 5013] close(6) = -1 EBADF (Bad file descriptor) [pid 5013] close(7) = -1 EBADF (Bad file descriptor) [pid 5013] close(8) = -1 EBADF (Bad file descriptor) [pid 5013] close(9) = -1 EBADF (Bad file descriptor) [pid 5013] close(10) = -1 EBADF (Bad file descriptor) [pid 5013] close(11) = -1 EBADF (Bad file descriptor) [pid 5013] close(12) = -1 EBADF (Bad file descriptor) [pid 5013] close(13) = -1 EBADF (Bad file descriptor) [pid 5013] close(14) = -1 EBADF (Bad file descriptor) [pid 5013] close(15) = -1 EBADF (Bad file descriptor) [pid 5014] <... futex resumed>) = 1 [pid 5013] close(16) = -1 EBADF (Bad file descriptor) [pid 5013] close(17) = -1 EBADF (Bad file descriptor) [pid 5013] close(18) = -1 EBADF (Bad file descriptor) [pid 5013] close(19 [pid 5014] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5013] close(20) = -1 EBADF (Bad file descriptor) [pid 5013] close(21) = -1 EBADF (Bad file descriptor) [pid 5013] close(22) = -1 EBADF (Bad file descriptor) [pid 5013] close(23) = -1 EBADF (Bad file descriptor) [pid 5013] close(24) = -1 EBADF (Bad file descriptor) [pid 5013] close(25) = -1 EBADF (Bad file descriptor) [pid 5013] close(26) = -1 EBADF (Bad file descriptor) [pid 5013] close(27) = -1 EBADF (Bad file descriptor) [pid 5013] close(28) = -1 EBADF (Bad file descriptor) [pid 5013] close(29) = -1 EBADF (Bad file descriptor) [pid 5013] exit_group(0 [pid 5014] <... futex resumed>) = ? [pid 5013] <... exit_group resumed>) = ? [pid 5014] +++ exited with 0 +++ [pid 5013] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 4995] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./4/binderfs") = 0 [ 68.663749][ T26] audit: type=1800 audit(1683666544.393:10): pid=5014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 68.678963][ T5014] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 68.691976][ T26] audit: type=1800 audit(1683666544.403:11): pid=5014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 68.694923][ T5014] Remounting filesystem read-only [ 68.748731][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 68.757792][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 68.764680][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 68.771965][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.780895][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.789797][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.798954][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 68.805703][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 68.812985][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 68.820419][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 68.827812][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 68.835218][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 68.842174][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./4/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./4") = 0 [pid 4995] mkdir("./5", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 13 ./strace-static-x86_64: Process 5016 attached [pid 5016] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5016] chdir("./5") = 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5016] setpgid(0, 0) = 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5016] write(3, "1000", 4) = 4 [pid 5016] close(3) = 0 [pid 5016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5016] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5016] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[14], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 14 ./strace-static-x86_64: Process 5017 attached [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] set_robust_list(0x7f025bafa9e0, 24 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5017] <... set_robust_list resumed>) = 0 [pid 5017] memfd_create("syzkaller", 0) = 3 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [ 68.849651][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.858866][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.867797][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5017] munmap(0x7f02536da000, 1048576) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5017] close(3) = 0 [pid 5017] mkdir("./file2", 0777) = 0 [pid 5017] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5017] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5017] chdir("./file2") = 0 [pid 5017] ioctl(4, LOOP_CLR_FD) = 0 [pid 5017] close(4) = 0 [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [pid 5017] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5017] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 0 [pid 5017] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] ftruncate(5, 33587199) = 0 [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.938886][ T5017] loop0: detected capacity change from 0 to 2048 [ 68.955247][ T5018] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5017] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] <... futex resumed>) = 1 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 0 [pid 5017] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5017] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5017] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5016] <... futex resumed>) = 0 [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5017] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5016] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5017] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5016] <... futex resumed>) = 0 [pid 5017] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5016] close(3) = 0 [pid 5016] close(4) = 0 [pid 5016] close(5) = 0 [pid 5016] close(6) = -1 EBADF (Bad file descriptor) [pid 5016] close(7) = -1 EBADF (Bad file descriptor) [pid 5016] close(8) = -1 EBADF (Bad file descriptor) [pid 5016] close(9) = -1 EBADF (Bad file descriptor) [pid 5016] close(10) = -1 EBADF (Bad file descriptor) [pid 5016] close(11) = -1 EBADF (Bad file descriptor) [pid 5016] close(12) = -1 EBADF (Bad file descriptor) [pid 5016] close(13) = -1 EBADF (Bad file descriptor) [pid 5016] close(14) = -1 EBADF (Bad file descriptor) [pid 5016] close(15) = -1 EBADF (Bad file descriptor) [pid 5016] close(16) = -1 EBADF (Bad file descriptor) [pid 5016] close(17) = -1 EBADF (Bad file descriptor) [pid 5016] close(18) = -1 EBADF (Bad file descriptor) [pid 5016] close(19) = -1 EBADF (Bad file descriptor) [pid 5016] close(20) = -1 EBADF (Bad file descriptor) [pid 5016] close(21) = -1 EBADF (Bad file descriptor) [pid 5016] close(22) = -1 EBADF (Bad file descriptor) [pid 5016] close(23) = -1 EBADF (Bad file descriptor) [pid 5016] close(24) = -1 EBADF (Bad file descriptor) [pid 5016] close(25) = -1 EBADF (Bad file descriptor) [pid 5016] close(26) = -1 EBADF (Bad file descriptor) [pid 5016] close(27) = -1 EBADF (Bad file descriptor) [pid 5016] close(28) = -1 EBADF (Bad file descriptor) [pid 5016] close(29) = -1 EBADF (Bad file descriptor) [pid 5016] exit_group(0) = ? [pid 5017] <... futex resumed>) = ? [pid 5017] +++ exited with 0 +++ [pid 5016] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=13, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./5/binderfs") = 0 [ 68.998774][ T5017] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 69.009903][ T5017] Remounting filesystem read-only [ 69.037518][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 69.046475][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 69.053158][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 69.060490][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.069391][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.078290][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.087430][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 69.094168][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 69.101487][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 69.108910][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 69.116273][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 69.123606][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 69.130839][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 69.138198][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./5/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./5") = 0 [pid 4995] mkdir("./6", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 15 ./strace-static-x86_64: Process 5019 attached [pid 5019] set_robust_list(0x555556d2c6e0, 24) = 0 [ 69.147116][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.154757][ T4998] Bluetooth: hci0: command 0x0409 tx timeout [ 69.156196][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5019] chdir("./6") = 0 [pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5019] setpgid(0, 0) = 0 [pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5019] write(3, "1000", 4) = 4 [pid 5019] close(3) = 0 [pid 5019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5019] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5019] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5020] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... clone resumed>, parent_tid=[16], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 16 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... futex resumed>) = 0 [pid 5019] <... futex resumed>) = 1 [pid 5020] memfd_create("syzkaller", 0) = 3 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5020] munmap(0x7f02536da000, 1048576) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5020] close(3) = 0 [pid 5020] mkdir("./file2", 0777) = 0 [pid 5020] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5020] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5020] chdir("./file2") = 0 [pid 5020] ioctl(4, LOOP_CLR_FD) = 0 [pid 5020] close(4) = 0 [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [pid 5020] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [pid 5020] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [pid 5020] ftruncate(5, 33587199) = 0 [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... futex resumed>) = 1 [ 69.246410][ T5020] loop0: detected capacity change from 0 to 2048 [ 69.262094][ T5021] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5020] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5019] <... futex resumed>) = 0 [pid 5020] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5019] <... futex resumed>) = 0 [pid 5019] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5020] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5019] <... futex resumed>) = 0 [pid 5019] close(3) = 0 [pid 5019] close(4) = 0 [pid 5019] close(5) = 0 [pid 5019] close(6) = -1 EBADF (Bad file descriptor) [pid 5019] close(7) = -1 EBADF (Bad file descriptor) [pid 5019] close(8) = -1 EBADF (Bad file descriptor) [pid 5019] close(9) = -1 EBADF (Bad file descriptor) [pid 5019] close(10) = -1 EBADF (Bad file descriptor) [pid 5019] close(11) = -1 EBADF (Bad file descriptor) [pid 5019] close(12) = -1 EBADF (Bad file descriptor) [pid 5019] close(13) = -1 EBADF (Bad file descriptor) [pid 5019] close(14) = -1 EBADF (Bad file descriptor) [pid 5019] close(15) = -1 EBADF (Bad file descriptor) [pid 5019] close(16) = -1 EBADF (Bad file descriptor) [pid 5019] close(17) = -1 EBADF (Bad file descriptor) [pid 5019] close(18) = -1 EBADF (Bad file descriptor) [pid 5019] close(19) = -1 EBADF (Bad file descriptor) [pid 5019] close(20) = -1 EBADF (Bad file descriptor) [pid 5019] close(21) = -1 EBADF (Bad file descriptor) [pid 5019] close(22) = -1 EBADF (Bad file descriptor) [pid 5019] close(23) = -1 EBADF (Bad file descriptor) [pid 5019] close(24) = -1 EBADF (Bad file descriptor) [pid 5019] close(25) = -1 EBADF (Bad file descriptor) [pid 5019] close(26) = -1 EBADF (Bad file descriptor) [pid 5019] close(27 [pid 5020] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5019] close(28) = -1 EBADF (Bad file descriptor) [pid 5019] close(29) = -1 EBADF (Bad file descriptor) [pid 5019] exit_group(0) = ? [pid 5020] <... futex resumed>) = ? [pid 5020] +++ exited with 0 +++ [pid 5019] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=15, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./6/binderfs") = 0 [ 69.294646][ T5020] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 69.304840][ T5020] Remounting filesystem read-only [ 69.337146][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 69.346109][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 69.352783][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 69.360346][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.369366][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.378363][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.387560][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 69.394396][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 69.401677][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 69.409004][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 69.416346][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 69.423672][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 69.430723][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./6/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./6") = 0 [pid 4995] mkdir("./7", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 17 ./strace-static-x86_64: Process 5022 attached [pid 5022] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5022] chdir("./7") = 0 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5022] setpgid(0, 0) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5022] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5022] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[18], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 18 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5023] memfd_create("syzkaller", 0) = 3 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5023] munmap(0x7f02536da000, 1048576) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.438324][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.447272][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.456219][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5023] close(3) = 0 [pid 5023] mkdir("./file2", 0777) = 0 [pid 5023] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5023] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5023] chdir("./file2") = 0 [pid 5023] ioctl(4, LOOP_CLR_FD) = 0 [pid 5023] close(4) = 0 [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] ftruncate(5, 33587199) = 0 [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [ 69.512266][ T5023] loop0: detected capacity change from 0 to 2048 [ 69.528864][ T5024] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5023] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5023] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5022] <... futex resumed>) = 0 [pid 5023] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5022] <... futex resumed>) = 0 [pid 5023] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5022] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] <... futex resumed>) = 0 [pid 5022] close(3 [pid 5023] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... close resumed>) = 0 [pid 5022] close(4) = 0 [pid 5022] close(5) = 0 [pid 5022] close(6) = -1 EBADF (Bad file descriptor) [pid 5022] close(7) = -1 EBADF (Bad file descriptor) [pid 5022] close(8) = -1 EBADF (Bad file descriptor) [pid 5022] close(9) = -1 EBADF (Bad file descriptor) [pid 5022] close(10) = -1 EBADF (Bad file descriptor) [pid 5022] close(11) = -1 EBADF (Bad file descriptor) [pid 5022] close(12) = -1 EBADF (Bad file descriptor) [pid 5022] close(13) = -1 EBADF (Bad file descriptor) [pid 5022] close(14) = -1 EBADF (Bad file descriptor) [pid 5022] close(15) = -1 EBADF (Bad file descriptor) [pid 5022] close(16) = -1 EBADF (Bad file descriptor) [pid 5022] close(17) = -1 EBADF (Bad file descriptor) [pid 5022] close(18) = -1 EBADF (Bad file descriptor) [pid 5022] close(19) = -1 EBADF (Bad file descriptor) [pid 5022] close(20) = -1 EBADF (Bad file descriptor) [pid 5022] close(21) = -1 EBADF (Bad file descriptor) [pid 5022] close(22) = -1 EBADF (Bad file descriptor) [pid 5022] close(23) = -1 EBADF (Bad file descriptor) [pid 5022] close(24) = -1 EBADF (Bad file descriptor) [pid 5022] close(25) = -1 EBADF (Bad file descriptor) [pid 5022] close(26) = -1 EBADF (Bad file descriptor) [pid 5022] close(27) = -1 EBADF (Bad file descriptor) [pid 5022] close(28) = -1 EBADF (Bad file descriptor) [pid 5022] close(29) = -1 EBADF (Bad file descriptor) [pid 5022] exit_group(0) = ? [pid 5023] <... futex resumed>) = ? [pid 5023] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=17, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.555370][ T5023] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 69.566235][ T5023] Remounting filesystem read-only [pid 4995] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./7/binderfs") = 0 [ 69.607804][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 69.617254][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 69.624112][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 69.631426][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.640374][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.649396][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.658593][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 69.665483][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 69.672768][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 69.680135][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 69.687481][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 69.694879][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./7/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./7") = 0 [pid 4995] mkdir("./8", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 19 ./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5025] chdir("./8") = 0 [pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5025] setpgid(0, 0) = 0 [pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5025] write(3, "1000", 4) = 4 [pid 5025] close(3) = 0 [pid 5025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5025] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5025] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[20], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 20 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5026] memfd_create("syzkaller", 0) = 3 [pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 69.701828][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 69.709160][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.718211][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.727152][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5026] munmap(0x7f02536da000, 1048576) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5026] close(3) = 0 [pid 5026] mkdir("./file2", 0777) = 0 [pid 5026] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5026] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5026] chdir("./file2") = 0 [pid 5026] ioctl(4, LOOP_CLR_FD) = 0 [pid 5026] close(4) = 0 [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... open resumed>) = 4 [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5025] <... futex resumed>) = 0 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... open resumed>) = 5 [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] ftruncate(5, 33587199 [pid 5025] <... futex resumed>) = 0 [pid 5026] <... ftruncate resumed>) = 0 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] <... futex resumed>) = 0 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] sendfile(4, 5, NULL, 281474978811908 [pid 5025] <... futex resumed>) = 0 [ 69.790569][ T5026] loop0: detected capacity change from 0 to 2048 [ 69.806990][ T5027] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5026] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] <... futex resumed>) = 0 [pid 5026] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5026] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5025] <... futex resumed>) = 0 [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... futex resumed>) = 0 [pid 5025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] <... futex resumed>) = 0 [pid 5026] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5025] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5026] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5025] <... futex resumed>) = 0 [pid 5026] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] close(3) = 0 [pid 5025] close(4) = 0 [pid 5025] close(5) = 0 [pid 5025] close(6) = -1 EBADF (Bad file descriptor) [pid 5025] close(7) = -1 EBADF (Bad file descriptor) [pid 5025] close(8) = -1 EBADF (Bad file descriptor) [pid 5025] close(9) = -1 EBADF (Bad file descriptor) [pid 5025] close(10) = -1 EBADF (Bad file descriptor) [pid 5025] close(11) = -1 EBADF (Bad file descriptor) [pid 5025] close(12) = -1 EBADF (Bad file descriptor) [pid 5025] close(13) = -1 EBADF (Bad file descriptor) [pid 5025] close(14) = -1 EBADF (Bad file descriptor) [pid 5025] close(15) = -1 EBADF (Bad file descriptor) [pid 5025] close(16) = -1 EBADF (Bad file descriptor) [pid 5025] close(17) = -1 EBADF (Bad file descriptor) [pid 5025] close(18) = -1 EBADF (Bad file descriptor) [pid 5025] close(19) = -1 EBADF (Bad file descriptor) [pid 5025] close(20) = -1 EBADF (Bad file descriptor) [pid 5025] close(21) = -1 EBADF (Bad file descriptor) [pid 5025] close(22) = -1 EBADF (Bad file descriptor) [pid 5025] close(23) = -1 EBADF (Bad file descriptor) [pid 5025] close(24) = -1 EBADF (Bad file descriptor) [pid 5025] close(25) = -1 EBADF (Bad file descriptor) [pid 5025] close(26) = -1 EBADF (Bad file descriptor) [pid 5025] close(27) = -1 EBADF (Bad file descriptor) [pid 5025] close(28) = -1 EBADF (Bad file descriptor) [pid 5025] close(29) = -1 EBADF (Bad file descriptor) [pid 5025] exit_group(0) = ? [pid 5026] <... futex resumed>) = ? [pid 5026] +++ exited with 0 +++ [pid 5025] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=19, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 4995] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./8/binderfs") = 0 [ 69.831546][ T5026] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 69.841985][ T5026] Remounting filesystem read-only [ 69.884423][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 69.893338][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 69.900369][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 69.907823][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.916809][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.926223][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.935451][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 69.942156][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 69.949520][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 69.956917][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 69.964273][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 69.971587][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./8/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./8") = 0 [pid 4995] mkdir("./9", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 21 ./strace-static-x86_64: Process 5028 attached [pid 5028] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5028] chdir("./9") = 0 [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5028] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5029 attached , parent_tid=[22], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 22 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5029] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5029] memfd_create("syzkaller", 0) = 3 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [ 69.978582][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 69.985917][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.994830][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.003754][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5029] munmap(0x7f02536da000, 1048576) = 0 [pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5029] close(3) = 0 [pid 5029] mkdir("./file2", 0777) = 0 [pid 5029] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5029] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5029] chdir("./file2") = 0 [pid 5029] ioctl(4, LOOP_CLR_FD) = 0 [pid 5029] close(4) = 0 [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 0 [pid 5029] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] ftruncate(5, 33587199) = 0 [ 70.079728][ T5029] loop0: detected capacity change from 0 to 2048 [ 70.098075][ T5030] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5029] sendfile(4, 5, NULL, 281474978811908 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 1 [pid 5029] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5029] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... futex resumed>) = 0 [pid 5028] close(3) = 0 [pid 5028] close(4) = 0 [pid 5028] close(5) = 0 [pid 5028] close(6) = -1 EBADF (Bad file descriptor) [pid 5028] close(7) = -1 EBADF (Bad file descriptor) [pid 5028] close(8) = -1 EBADF (Bad file descriptor) [pid 5028] close(9) = -1 EBADF (Bad file descriptor) [pid 5028] close(10) = -1 EBADF (Bad file descriptor) [pid 5028] close(11) = -1 EBADF (Bad file descriptor) [pid 5028] close(12) = -1 EBADF (Bad file descriptor) [pid 5028] close(13) = -1 EBADF (Bad file descriptor) [pid 5028] close(14) = -1 EBADF (Bad file descriptor) [pid 5028] close(15) = -1 EBADF (Bad file descriptor) [pid 5028] close(16) = -1 EBADF (Bad file descriptor) [pid 5028] close(17) = -1 EBADF (Bad file descriptor) [pid 5028] close(18) = -1 EBADF (Bad file descriptor) [pid 5028] close(19) = -1 EBADF (Bad file descriptor) [pid 5028] close(20) = -1 EBADF (Bad file descriptor) [pid 5028] close(21) = -1 EBADF (Bad file descriptor) [pid 5028] close(22) = -1 EBADF (Bad file descriptor) [pid 5028] close(23) = -1 EBADF (Bad file descriptor) [pid 5028] close(24) = -1 EBADF (Bad file descriptor) [pid 5028] close(25) = -1 EBADF (Bad file descriptor) [pid 5028] close(26) = -1 EBADF (Bad file descriptor) [pid 5028] close(27) = -1 EBADF (Bad file descriptor) [pid 5028] close(28) = -1 EBADF (Bad file descriptor) [pid 5028] close(29) = -1 EBADF (Bad file descriptor) [pid 5028] exit_group(0) = ? [pid 5029] <... futex resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5028] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=21, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 70.128813][ T5029] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 70.140789][ T5029] Remounting filesystem read-only [pid 4995] unlink("./9/binderfs") = 0 [ 70.172707][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 70.182044][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 70.189268][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 70.196676][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.206081][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.215035][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.224214][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 70.230895][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 70.238268][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 70.245606][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 70.252905][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 70.260270][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./9/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./9") = 0 [pid 4995] mkdir("./10", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 23 ./strace-static-x86_64: Process 5031 attached [pid 5031] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5031] chdir("./10") = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5031] setpgid(0, 0) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5031] write(3, "1000", 4) = 4 [pid 5031] close(3) = 0 [pid 5031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5031] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5031] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5032 attached , parent_tid=[24], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 24 [pid 5032] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5032] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5032] memfd_create("syzkaller", 0) = 3 [pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [ 70.267250][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 70.274652][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.283544][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.292482][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5032] munmap(0x7f02536da000, 1048576) = 0 [pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5032] close(3) = 0 [pid 5032] mkdir("./file2", 0777) = 0 [pid 5032] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5032] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5032] chdir("./file2") = 0 [pid 5032] ioctl(4, LOOP_CLR_FD) = 0 [pid 5032] close(4) = 0 [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 0 [pid 5032] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 0 [pid 5032] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] ftruncate(5, 33587199) = 0 [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 70.364169][ T5032] loop0: detected capacity change from 0 to 2048 [ 70.379416][ T5033] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5032] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5032] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 0 [pid 5032] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 1 [pid 5032] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5032] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5032] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] close(3) = 0 [pid 5031] close(4) = 0 [pid 5031] close(5) = 0 [pid 5031] close(6) = -1 EBADF (Bad file descriptor) [pid 5031] close(7) = -1 EBADF (Bad file descriptor) [pid 5031] close(8) = -1 EBADF (Bad file descriptor) [pid 5031] close(9) = -1 EBADF (Bad file descriptor) [pid 5031] close(10) = -1 EBADF (Bad file descriptor) [pid 5031] close(11) = -1 EBADF (Bad file descriptor) [pid 5031] close(12) = -1 EBADF (Bad file descriptor) [pid 5031] close(13) = -1 EBADF (Bad file descriptor) [pid 5031] close(14) = -1 EBADF (Bad file descriptor) [pid 5031] close(15) = -1 EBADF (Bad file descriptor) [pid 5031] close(16) = -1 EBADF (Bad file descriptor) [pid 5031] close(17) = -1 EBADF (Bad file descriptor) [pid 5031] close(18) = -1 EBADF (Bad file descriptor) [pid 5031] close(19) = -1 EBADF (Bad file descriptor) [pid 5031] close(20) = -1 EBADF (Bad file descriptor) [pid 5031] close(21) = -1 EBADF (Bad file descriptor) [pid 5031] close(22) = -1 EBADF (Bad file descriptor) [pid 5031] close(23) = -1 EBADF (Bad file descriptor) [pid 5031] close(24) = -1 EBADF (Bad file descriptor) [pid 5031] close(25) = -1 EBADF (Bad file descriptor) [pid 5031] close(26) = -1 EBADF (Bad file descriptor) [pid 5031] close(27) = -1 EBADF (Bad file descriptor) [pid 5031] close(28) = -1 EBADF (Bad file descriptor) [pid 5031] close(29) = -1 EBADF (Bad file descriptor) [pid 5031] exit_group(0 [pid 5032] <... futex resumed>) = ? [pid 5031] <... exit_group resumed>) = ? [pid 5032] +++ exited with 0 +++ [pid 5031] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=23, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 4995] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./10/binderfs") = 0 [ 70.419252][ T5032] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 70.429563][ T5032] Remounting filesystem read-only [ 70.484656][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 70.493563][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 70.500801][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 70.508225][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.517220][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.526160][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.535349][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 70.542057][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 70.549391][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 70.556772][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 70.564097][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 70.571415][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 70.578437][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [pid 4995] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./10/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./10") = 0 [pid 4995] mkdir("./11", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 25 ./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5034] chdir("./11") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5034] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[26], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 26 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5035] memfd_create("syzkaller", 0) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [ 70.585809][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.594835][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.603754][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5035] munmap(0x7f02536da000, 1048576) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file2", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5035] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file2") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] ftruncate(5, 33587199) = 0 [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [ 70.683113][ T5035] loop0: detected capacity change from 0 to 2048 [ 70.698666][ T5036] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5035] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5035] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] close(3) = 0 [pid 5034] close(4) = 0 [pid 5034] close(5) = 0 [pid 5034] close(6) = -1 EBADF (Bad file descriptor) [pid 5034] close(7) = -1 EBADF (Bad file descriptor) [pid 5034] close(8 [pid 5035] <... futex resumed>) = 1 [pid 5034] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5035] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] close(9) = -1 EBADF (Bad file descriptor) [pid 5034] close(10) = -1 EBADF (Bad file descriptor) [pid 5034] close(11) = -1 EBADF (Bad file descriptor) [pid 5034] close(12) = -1 EBADF (Bad file descriptor) [pid 5034] close(13) = -1 EBADF (Bad file descriptor) [pid 5034] close(14) = -1 EBADF (Bad file descriptor) [pid 5034] close(15) = -1 EBADF (Bad file descriptor) [pid 5034] close(16) = -1 EBADF (Bad file descriptor) [pid 5034] close(17) = -1 EBADF (Bad file descriptor) [pid 5034] close(18) = -1 EBADF (Bad file descriptor) [pid 5034] close(19) = -1 EBADF (Bad file descriptor) [pid 5034] close(20) = -1 EBADF (Bad file descriptor) [pid 5034] close(21) = -1 EBADF (Bad file descriptor) [pid 5034] close(22) = -1 EBADF (Bad file descriptor) [pid 5034] close(23) = -1 EBADF (Bad file descriptor) [pid 5034] close(24) = -1 EBADF (Bad file descriptor) [pid 5034] close(25) = -1 EBADF (Bad file descriptor) [pid 5034] close(26) = -1 EBADF (Bad file descriptor) [pid 5034] close(27) = -1 EBADF (Bad file descriptor) [pid 5034] close(28) = -1 EBADF (Bad file descriptor) [pid 5034] close(29) = -1 EBADF (Bad file descriptor) [pid 5034] exit_group(0 [pid 5035] <... futex resumed>) = ? [pid 5034] <... exit_group resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./11/binderfs") = 0 [ 70.745930][ T5035] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 70.756568][ T5035] Remounting filesystem read-only [ 70.802035][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 70.811154][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 70.818039][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 70.825512][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.834641][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.843578][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.852785][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 70.859551][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 70.867436][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 70.875232][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 70.882542][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 70.890098][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./11/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./11") = 0 [pid 4995] mkdir("./12", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 27 ./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5037] chdir("./12") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5037] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5038 attached , parent_tid=[28], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 28 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] set_robust_list(0x7f025bafa9e0, 24) = 0 [ 70.897222][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 70.904696][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.913543][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 70.922797][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5038] memfd_create("syzkaller", 0) = 3 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5038] munmap(0x7f02536da000, 1048576) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5038] close(3) = 0 [pid 5038] mkdir("./file2", 0777) = 0 [pid 5038] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5038] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5038] chdir("./file2") = 0 [pid 5038] ioctl(4, LOOP_CLR_FD) = 0 [pid 5038] close(4) = 0 [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... open resumed>) = 4 [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... open resumed>) = 5 [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... futex resumed>) = 1 [pid 5038] ftruncate(5, 33587199) = 0 [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] sendfile(4, 5, NULL, 281474978811908 [pid 5037] <... futex resumed>) = 0 [ 71.011771][ T5038] loop0: detected capacity change from 0 to 2048 [ 71.027776][ T5039] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = 0 [pid 5038] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5037] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5038] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5038] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] close(3) = 0 [pid 5037] close(4) = 0 [pid 5037] close(5) = 0 [pid 5037] close(6) = -1 EBADF (Bad file descriptor) [pid 5037] close(7) = -1 EBADF (Bad file descriptor) [pid 5037] close(8) = -1 EBADF (Bad file descriptor) [pid 5037] close(9) = -1 EBADF (Bad file descriptor) [pid 5037] close(10) = -1 EBADF (Bad file descriptor) [pid 5037] close(11) = -1 EBADF (Bad file descriptor) [pid 5037] close(12) = -1 EBADF (Bad file descriptor) [pid 5037] close(13) = -1 EBADF (Bad file descriptor) [pid 5037] close(14) = -1 EBADF (Bad file descriptor) [pid 5037] close(15) = -1 EBADF (Bad file descriptor) [pid 5037] close(16) = -1 EBADF (Bad file descriptor) [pid 5037] close(17) = -1 EBADF (Bad file descriptor) [pid 5037] close(18) = -1 EBADF (Bad file descriptor) [pid 5037] close(19) = -1 EBADF (Bad file descriptor) [pid 5037] close(20) = -1 EBADF (Bad file descriptor) [pid 5037] close(21) = -1 EBADF (Bad file descriptor) [pid 5037] close(22) = -1 EBADF (Bad file descriptor) [pid 5037] close(23) = -1 EBADF (Bad file descriptor) [pid 5037] close(24) = -1 EBADF (Bad file descriptor) [pid 5037] close(25) = -1 EBADF (Bad file descriptor) [pid 5037] close(26) = -1 EBADF (Bad file descriptor) [pid 5037] close(27) = -1 EBADF (Bad file descriptor) [pid 5037] close(28) = -1 EBADF (Bad file descriptor) [pid 5037] close(29) = -1 EBADF (Bad file descriptor) [pid 5037] exit_group(0 [pid 5038] <... futex resumed>) = ? [pid 5037] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=27, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 4995] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./12/binderfs") = 0 [ 71.071400][ T5038] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 71.082033][ T5038] Remounting filesystem read-only [ 71.112899][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 71.121999][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 71.128889][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 71.136294][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.145967][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.155062][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.164369][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 71.171068][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 71.178533][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 71.185926][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 71.193236][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 71.200607][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./12/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./12") = 0 [pid 4995] mkdir("./13", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 29 ./strace-static-x86_64: Process 5040 attached [pid 5040] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5040] chdir("./13") = 0 [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5040] setpgid(0, 0) = 0 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5040] write(3, "1000", 4) = 4 [pid 5040] close(3) = 0 [pid 5040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [ 71.207660][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 71.215017][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.224193][ T4998] Bluetooth: hci0: command 0x041b tx timeout [ 71.224197][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.224221][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5040] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5040] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[30], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 30 ./strace-static-x86_64: Process 5041 attached [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5041] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5041] memfd_create("syzkaller", 0) = 3 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5041] munmap(0x7f02536da000, 1048576) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5041] close(3) = 0 [pid 5041] mkdir("./file2", 0777) = 0 [pid 5041] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5041] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5041] chdir("./file2") = 0 [pid 5041] ioctl(4, LOOP_CLR_FD) = 0 [pid 5041] close(4) = 0 [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5041] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... open resumed>) = 4 [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5041] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [pid 5041] ftruncate(5, 33587199) = 0 [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... futex resumed>) = 1 [ 71.314244][ T5041] loop0: detected capacity change from 0 to 2048 [ 71.330996][ T5042] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5041] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 1 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5041] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5041] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] close(3) = 0 [pid 5040] close(4) = 0 [pid 5040] close(5) = 0 [pid 5040] close(6) = -1 EBADF (Bad file descriptor) [pid 5040] close(7) = -1 EBADF (Bad file descriptor) [pid 5040] close(8) = -1 EBADF (Bad file descriptor) [pid 5040] close(9) = -1 EBADF (Bad file descriptor) [pid 5040] close(10) = -1 EBADF (Bad file descriptor) [pid 5040] close(11) = -1 EBADF (Bad file descriptor) [pid 5040] close(12) = -1 EBADF (Bad file descriptor) [pid 5040] close(13) = -1 EBADF (Bad file descriptor) [pid 5040] close(14) = -1 EBADF (Bad file descriptor) [pid 5040] close(15) = -1 EBADF (Bad file descriptor) [pid 5040] close(16) = -1 EBADF (Bad file descriptor) [pid 5040] close(17) = -1 EBADF (Bad file descriptor) [pid 5040] close(18) = -1 EBADF (Bad file descriptor) [pid 5040] close(19) = -1 EBADF (Bad file descriptor) [pid 5040] close(20) = -1 EBADF (Bad file descriptor) [pid 5040] close(21) = -1 EBADF (Bad file descriptor) [pid 5040] close(22) = -1 EBADF (Bad file descriptor) [pid 5040] close(23) = -1 EBADF (Bad file descriptor) [pid 5040] close(24) = -1 EBADF (Bad file descriptor) [pid 5040] close(25) = -1 EBADF (Bad file descriptor) [pid 5040] close(26) = -1 EBADF (Bad file descriptor) [pid 5040] close(27) = -1 EBADF (Bad file descriptor) [pid 5040] close(28) = -1 EBADF (Bad file descriptor) [pid 5040] close(29) = -1 EBADF (Bad file descriptor) [pid 5040] exit_group(0) = ? [pid 5041] <... futex resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=29, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./13/binderfs") = 0 [ 71.357643][ T5041] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 71.368416][ T5041] Remounting filesystem read-only [ 71.405099][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 71.414315][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 71.420999][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 71.428579][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.437789][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.446920][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.456360][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 71.463097][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 71.470476][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 71.477820][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 71.485155][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 71.492466][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./13/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./13") = 0 [pid 4995] mkdir("./14", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 31 ./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5043] chdir("./14") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5043] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5044 attached , parent_tid=[32], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 32 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5044] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5044] memfd_create("syzkaller", 0) = 3 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [ 71.499470][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 71.506806][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.515878][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.524783][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5044] munmap(0x7f02536da000, 1048576) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5044] close(3) = 0 [pid 5044] mkdir("./file2", 0777) = 0 [pid 5044] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5044] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5044] chdir("./file2") = 0 [pid 5044] ioctl(4, LOOP_CLR_FD) = 0 [pid 5044] close(4) = 0 [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] ftruncate(5, 33587199) = 0 [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 71.590014][ T5044] loop0: detected capacity change from 0 to 2048 [ 71.606254][ T5045] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5044] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... futex resumed>) = 1 [pid 5044] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5044] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] close(3) = 0 [pid 5043] close(4) = 0 [pid 5043] close(5) = 0 [pid 5043] close(6) = -1 EBADF (Bad file descriptor) [pid 5043] close(7) = -1 EBADF (Bad file descriptor) [pid 5043] close(8) = -1 EBADF (Bad file descriptor) [pid 5043] close(9) = -1 EBADF (Bad file descriptor) [pid 5043] close(10) = -1 EBADF (Bad file descriptor) [pid 5043] close(11) = -1 EBADF (Bad file descriptor) [pid 5043] close(12) = -1 EBADF (Bad file descriptor) [pid 5043] close(13) = -1 EBADF (Bad file descriptor) [pid 5043] close(14) = -1 EBADF (Bad file descriptor) [pid 5043] close(15) = -1 EBADF (Bad file descriptor) [pid 5043] close(16) = -1 EBADF (Bad file descriptor) [pid 5043] close(17) = -1 EBADF (Bad file descriptor) [pid 5043] close(18) = -1 EBADF (Bad file descriptor) [pid 5043] close(19) = -1 EBADF (Bad file descriptor) [pid 5043] close(20) = -1 EBADF (Bad file descriptor) [pid 5043] close(21) = -1 EBADF (Bad file descriptor) [pid 5043] close(22) = -1 EBADF (Bad file descriptor) [pid 5043] close(23) = -1 EBADF (Bad file descriptor) [pid 5043] close(24) = -1 EBADF (Bad file descriptor) [pid 5043] close(25) = -1 EBADF (Bad file descriptor) [pid 5044] <... futex resumed>) = 1 [pid 5043] close(26 [pid 5044] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 5043] close(27) = -1 EBADF (Bad file descriptor) [pid 5043] close(28) = -1 EBADF (Bad file descriptor) [pid 5043] close(29) = -1 EBADF (Bad file descriptor) [pid 5043] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5043] <... exit_group resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=31, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 4995] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./14/binderfs") = 0 [ 71.650942][ T5044] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 71.661523][ T5044] Remounting filesystem read-only [ 71.694620][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 71.703521][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 71.710539][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 71.718121][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.727541][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.736639][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.746109][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 71.752796][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 71.760405][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 71.767914][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 71.775467][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 71.782770][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./14/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./14") = 0 [pid 4995] mkdir("./15", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached , child_tidptr=0x555556d2c6d0) = 33 [pid 5046] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5046] chdir("./15") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.790215][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 71.797930][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.807046][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 71.816113][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5046] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5047] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... clone resumed>, parent_tid=[34], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 34 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5047] memfd_create("syzkaller", 0) = 3 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5047] munmap(0x7f02536da000, 1048576) = 0 [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5047] close(3) = 0 [pid 5047] mkdir("./file2", 0777) = 0 [pid 5047] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5047] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5047] chdir("./file2") = 0 [pid 5047] ioctl(4, LOOP_CLR_FD) = 0 [pid 5047] close(4) = 0 [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 0 [pid 5047] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... open resumed>) = 5 [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] ftruncate(5, 33587199 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... ftruncate resumed>) = 0 [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] sendfile(4, 5, NULL, 281474978811908 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 71.912956][ T5047] loop0: detected capacity change from 0 to 2048 [ 71.929457][ T5048] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5046] <... futex resumed>) = 0 [pid 5047] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] <... futex resumed>) = 0 [pid 5046] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5046] <... futex resumed>) = 0 [pid 5047] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5046] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] <... futex resumed>) = 0 [pid 5046] close(3 [pid 5047] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... close resumed>) = 0 [pid 5046] close(4) = 0 [pid 5046] close(5) = 0 [pid 5046] close(6) = -1 EBADF (Bad file descriptor) [pid 5046] close(7) = -1 EBADF (Bad file descriptor) [pid 5046] close(8) = -1 EBADF (Bad file descriptor) [pid 5046] close(9) = -1 EBADF (Bad file descriptor) [pid 5046] close(10) = -1 EBADF (Bad file descriptor) [pid 5046] close(11) = -1 EBADF (Bad file descriptor) [pid 5046] close(12) = -1 EBADF (Bad file descriptor) [pid 5046] close(13) = -1 EBADF (Bad file descriptor) [pid 5046] close(14) = -1 EBADF (Bad file descriptor) [pid 5046] close(15) = -1 EBADF (Bad file descriptor) [pid 5046] close(16) = -1 EBADF (Bad file descriptor) [pid 5046] close(17) = -1 EBADF (Bad file descriptor) [pid 5046] close(18) = -1 EBADF (Bad file descriptor) [pid 5046] close(19) = -1 EBADF (Bad file descriptor) [pid 5046] close(20) = -1 EBADF (Bad file descriptor) [pid 5046] close(21) = -1 EBADF (Bad file descriptor) [pid 5046] close(22) = -1 EBADF (Bad file descriptor) [pid 5046] close(23) = -1 EBADF (Bad file descriptor) [pid 5046] close(24) = -1 EBADF (Bad file descriptor) [pid 5046] close(25) = -1 EBADF (Bad file descriptor) [pid 5046] close(26) = -1 EBADF (Bad file descriptor) [pid 5046] close(27) = -1 EBADF (Bad file descriptor) [pid 5046] close(28) = -1 EBADF (Bad file descriptor) [pid 5046] close(29) = -1 EBADF (Bad file descriptor) [pid 5046] exit_group(0) = ? [pid 5047] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=33, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 71.964095][ T5047] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 71.974865][ T5047] Remounting filesystem read-only [pid 4995] unlink("./15/binderfs") = 0 [ 72.054432][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 72.063379][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 72.070173][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 72.077647][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.086691][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.095805][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.104956][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 72.111660][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 72.119033][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 72.126671][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 72.134040][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 72.141379][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./15/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./15") = 0 [pid 4995] mkdir("./16", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x555556d2c6d0) = 35 [pid 5049] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5049] chdir("./16") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5049] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [ 72.148386][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 72.155728][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.164620][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.173488][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5049] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[36], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 36 ./strace-static-x86_64: Process 5050 attached [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5050] munmap(0x7f02536da000, 1048576) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file2", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5050] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file2") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] ftruncate(5, 33587199) = 0 [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [ 72.259853][ T5050] loop0: detected capacity change from 0 to 2048 [ 72.277004][ T5051] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5050] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5050] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] close(3) = 0 [pid 5049] close(4) = 0 [pid 5049] close(5) = 0 [pid 5049] close(6) = -1 EBADF (Bad file descriptor) [pid 5049] close(7) = -1 EBADF (Bad file descriptor) [pid 5049] close(8) = -1 EBADF (Bad file descriptor) [pid 5049] close(9) = -1 EBADF (Bad file descriptor) [pid 5049] close(10) = -1 EBADF (Bad file descriptor) [pid 5049] close(11) = -1 EBADF (Bad file descriptor) [pid 5049] close(12) = -1 EBADF (Bad file descriptor) [pid 5049] close(13) = -1 EBADF (Bad file descriptor) [pid 5049] close(14) = -1 EBADF (Bad file descriptor) [pid 5049] close(15) = -1 EBADF (Bad file descriptor) [pid 5049] close(16) = -1 EBADF (Bad file descriptor) [pid 5049] close(17) = -1 EBADF (Bad file descriptor) [pid 5049] close(18) = -1 EBADF (Bad file descriptor) [pid 5049] close(19) = -1 EBADF (Bad file descriptor) [pid 5049] close(20) = -1 EBADF (Bad file descriptor) [pid 5049] close(21) = -1 EBADF (Bad file descriptor) [pid 5049] close(22) = -1 EBADF (Bad file descriptor) [pid 5049] close(23) = -1 EBADF (Bad file descriptor) [pid 5049] close(24) = -1 EBADF (Bad file descriptor) [pid 5049] close(25) = -1 EBADF (Bad file descriptor) [pid 5049] close(26) = -1 EBADF (Bad file descriptor) [pid 5049] close(27) = -1 EBADF (Bad file descriptor) [pid 5049] close(28) = -1 EBADF (Bad file descriptor) [pid 5049] close(29) = -1 EBADF (Bad file descriptor) [pid 5049] exit_group(0 [pid 5050] <... futex resumed>) = ? [pid 5049] <... exit_group resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=35, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 4995] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./16/binderfs") = 0 [ 72.320872][ T5050] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 72.332457][ T5050] Remounting filesystem read-only [ 72.368061][ T4995] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 72.377152][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 72.383971][ T4995] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 72.391472][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.401003][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.410243][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.419789][ T4995] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 72.426728][ T4995] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 72.434139][ T4995] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 72.442140][ T4995] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 72.449611][ T4995] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 72.456998][ T4995] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 4995] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 4995] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556d35880 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556d35880 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./16/file2") = 0 [pid 4995] getdents64(3, 0x555556d2d840 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./16") = 0 [pid 4995] mkdir("./17", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d2c6d0) = 37 ./strace-static-x86_64: Process 5052 attached [pid 5052] set_robust_list(0x555556d2c6e0, 24) = 0 [pid 5052] chdir("./17") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f025bada000 [pid 5052] mprotect(0x7f025badb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7f025bafa2f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[38], tls=0x7f025bafa700, child_tidptr=0x7f025bafa9d0) = 38 [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.464264][ T4995] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 72.471585][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.480493][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.489429][ T4995] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x7f025bafa9e0, 24) = 0 [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02536da000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5053] munmap(0x7f02536da000, 1048576) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./file2", 0777) = 0 [pid 5053] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5053] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./file2") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5053] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5053] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [pid 5053] ftruncate(5, 33587199) = 0 [pid 5053] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... futex resumed>) = 1 [ 72.569040][ T5053] loop0: detected capacity change from 0 to 2048 [ 72.584908][ T5054] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.604810][ T26] kauditd_printk_skb: 24 callbacks suppressed [pid 5053] sendfile(4, 5, NULL, 281474978811908 [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7f025c3d67bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f02537b9000 [pid 5052] mprotect(0x7f02537ba000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] clone(child_stack=0x7f02537d92f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[39], tls=0x7f02537d9700, child_tidptr=0x7f02537d99d0) = 39 [pid 5052] futex(0x7f025c3d67b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x7f02537d99e0, 24) = 0 [pid 5055] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = 6 [ 72.604826][ T26] audit: type=1800 audit(1683666548.343:36): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 72.615993][ T5053] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 72.640039][ T26] audit: type=1800 audit(1683666548.343:37): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 72.642172][ T5053] Remounting filesystem read-only [pid 5055] futex(0x7f025c3d67bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f025c3d67b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f025c3d67bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 1 [pid 5055] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5053] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5053] futex(0x7f025c3d67ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.674142][ T26] audit: type=1800 audit(1683666548.413:38): pid=5055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor419" name="file0" dev="loop0" ino=19 res=0 errno=0 [ 72.684417][ T5055] NILFS (loop0): discard dirty page: offset=0, ino=19 [ 72.701276][ T5055] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 72.708654][ T5055] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5053] futex(0x7f025c3d67a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5052] futex(0x7f025c3d67a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [pid 5055] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5053] write(6, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5052] futex(0x7f025c3d67ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] futex(0x7f025c3d67bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.717698][ T5055] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.726709][ T5055] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 72.738059][ T5053] NILFS (loop0): nilfs_get_block (ino=19): a race condition while inserting a data block at offset=0 [ 72.749913][ T5053] ------------[ cut here ]------------ [ 72.755516][ T5053] kernel BUG at fs/buffer.c:2741! [ 72.760747][ T5053] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 72.766856][ T5053] CPU: 0 PID: 5053 Comm: syz-executor419 Not tainted 6.4.0-rc1-syzkaller-00011-g1dc3731daf1f #0 [ 72.777370][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 72.787451][ T5053] RIP: 0010:submit_bh_wbc+0x4c0/0x4e0 [ 72.792850][ T5053] Code: 02 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c be fe ff ff 48 89 ef e8 71 a0 df ff e9 b1 fe ff ff e8 a7 d2 87 ff 0f 0b e8 a0 d2 87 ff <0f> 0b e8 99 d2 87 ff 0f 0b e8 92 d2 87 ff 0f 0b e8 8b d2 87 ff 0f [ 72.812464][ T5053] RSP: 0018:ffffc90003c1f860 EFLAGS: 00010293 [ 72.818633][ T5053] RAX: ffffffff820394a0 RBX: 0000000000000000 RCX: ffff888022e40000 [ 72.826631][ T5053] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 72.834608][ T5053] RBP: ffffc90003c1fa48 R08: ffffffff8203907d R09: ffffed100ea760e9 [ 72.842588][ T5053] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100ea760e8 [ 72.850565][ T5053] R13: ffff8880753b0740 R14: 0000000000000000 R15: 0000000000000000 [ 72.858544][ T5053] FS: 00007f025bafa700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 72.867478][ T5053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.874152][ T5053] CR2: 00007f02537d9718 CR3: 000000001f3e4000 CR4: 00000000003506f0 [ 72.882220][ T5053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.890217][ T5053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.898372][ T5053] Call Trace: [ 72.901655][ T5053] [ 72.904612][ T5053] __block_write_begin_int+0x12c9/0x1a50 [ 72.910280][ T5053] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 72.915678][ T5053] ? PageUptodate+0x290/0x290 [ 72.920361][ T5053] ? folio_test_hugetlb+0xa0/0x1d0 [ 72.925483][ T5053] ? pagecache_get_page+0xeb/0x220 [ 72.930600][ T5053] ? nilfs_inode_sub_blocks+0xe0/0xe0 [ 72.935983][ T5053] block_write_begin+0x9c/0x1f0 [ 72.940845][ T5053] nilfs_write_begin+0xa0/0x110 [ 72.945709][ T5053] generic_perform_write+0x300/0x5e0 [ 72.951006][ T5053] ? generic_file_direct_write+0x460/0x460 [ 72.956822][ T5053] ? generic_file_direct_write+0x40f/0x460 [ 72.962639][ T5053] __generic_file_write_iter+0x29b/0x400 [ 72.968281][ T5053] generic_file_write_iter+0xaf/0x310 [ 72.973663][ T5053] vfs_write+0x790/0xb20 [ 72.977928][ T5053] ? file_end_write+0x250/0x250 [ 72.982797][ T5053] ? mutex_lock_nested+0x1b/0x20 [ 72.987929][ T5053] ? __fdget_pos+0x254/0x2f0 [ 72.992525][ T5053] ? ksys_write+0x7b/0x2c0 [ 72.996976][ T5053] ksys_write+0x1a0/0x2c0 [ 73.001340][ T5053] ? __ia32_sys_read+0x90/0x90 [ 73.006116][ T5053] ? syscall_enter_from_user_mode+0x32/0x230 [ 73.012106][ T5053] ? syscall_enter_from_user_mode+0x8c/0x230 [ 73.018094][ T5053] do_syscall_64+0x41/0xc0 [ 73.022524][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 73.028428][ T5053] RIP: 0033:0x7f025c350929 [ 73.032850][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 73.052586][ T5053] RSP: 002b:00007f025bafa208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 73.061006][ T5053] RAX: ffffffffffffffda RBX: 00007f025c3d67a8 RCX: 00007f025c350929 [pid 5055] futex(0x7f025c3d67b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 73.068983][ T5053] RDX: 00000000000000a0 RSI: 0000000020000380 RDI: 0000000000000006 [ 73.076960][ T5053] RBP: 00007f025c3d67a0 R08: 0000000000000000 R09: 0000000000000000 [ 73.084939][ T5053] R10: 0000000000000098 R11: 0000000000000246 R12: 00007f025c3d67ac [ 73.092917][ T5053] R13: 00007ffee1f5f8ff R14: 00007f025bafa300 R15: 0000000000022000 [ 73.100907][ T5053] [ 73.104450][ T5053] Modules linked in: [ 73.109161][ T5053] ---[ end trace 0000000000000000 ]--- [ 73.114832][ T5053] RIP: 0010:submit_bh_wbc+0x4c0/0x4e0 [ 73.120244][ T5053] Code: 02 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c be fe ff ff 48 89 ef e8 71 a0 df ff e9 b1 fe ff ff e8 a7 d2 87 ff 0f 0b e8 a0 d2 87 ff <0f> 0b e8 99 d2 87 ff 0f 0b e8 92 d2 87 ff 0f 0b e8 8b d2 87 ff 0f [ 73.140105][ T5053] RSP: 0018:ffffc90003c1f860 EFLAGS: 00010293 [ 73.146230][ T5053] RAX: ffffffff820394a0 RBX: 0000000000000000 RCX: ffff888022e40000 [ 73.154270][ T5053] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 73.162264][ T5053] RBP: ffffc90003c1fa48 R08: ffffffff8203907d R09: ffffed100ea760e9 [ 73.170452][ T5053] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100ea760e8 [ 73.178482][ T5053] R13: ffff8880753b0740 R14: 0000000000000000 R15: 0000000000000000 [ 73.186766][ T5053] FS: 00007f025bafa700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 73.195756][ T5053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.202375][ T5053] CR2: 00007f025c392060 CR3: 000000001f3e4000 CR4: 00000000003506f0 [ 73.210481][ T5053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.218545][ T5053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.226593][ T5053] Kernel panic - not syncing: Fatal exception [ 73.232903][ T5053] Kernel Offset: disabled [ 73.237240][ T5053] Rebooting in 86400 seconds..