./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2133819280 <...> Warning: Permanently added '10.128.1.134' (ECDSA) to the list of known hosts. execve("./syz-executor2133819280", ["./syz-executor2133819280"], 0x7ffd0ceb0eb0 /* 10 vars */) = 0 brk(NULL) = 0x555556038000 brk(0x555556038c40) = 0x555556038c40 arch_prctl(ARCH_SET_FS, 0x555556038300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560385d0) = 288 set_robust_list(0x5555560385e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f2bd18376b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f2bd1837d80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2bd1837750, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2bd1837d80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2133819280", 4096) = 28 brk(0x555556059c40) = 0x555556059c40 brk(0x55555605a000) = 0x55555605a000 mprotect(0x7f2bd18f9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 288 mkdir("./syzkaller.iOo19Z", 0700) = 0 chmod("./syzkaller.iOo19Z", 0777) = 0 chdir("./syzkaller.iOo19Z") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 290 ./strace-static-x86_64: Process 290 attached [pid 290] set_robust_list(0x5555560385e0, 24) = 0 [pid 290] chdir("./0") = 0 [pid 290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 290] setpgid(0, 0) = 0 [pid 290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 290] write(3, "1000", 4) = 4 [pid 290] close(3) = 0 [pid 290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 290] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[291], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 291 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 291] memfd_create("syzkaller", 0) = 3 [pid 291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 291] munmap(0x7f2bc9406000, 262144) = 0 [pid 291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 291] close(3) = 0 [pid 291] mkdir("./file1", 0777) = 0 [ 23.191799][ T24] audit: type=1400 audit(1687684727.050:66): avc: denied { execmem } for pid=288 comm="syz-executor213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.200818][ T24] audit: type=1400 audit(1687684727.060:67): avc: denied { read write } for pid=288 comm="syz-executor213" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.207260][ T24] audit: type=1400 audit(1687684727.060:68): avc: denied { open } for pid=288 comm="syz-executor213" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 291] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 291] chdir("./file1") = 0 [pid 291] ioctl(4, LOOP_CLR_FD) = 0 [ 23.224405][ T24] audit: type=1400 audit(1687684727.070:69): avc: denied { ioctl } for pid=288 comm="syz-executor213" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.250726][ T24] audit: type=1400 audit(1687684727.090:70): avc: denied { mounton } for pid=290 comm="syz-executor213" path="/root/syzkaller.iOo19Z/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.251253][ T291] EXT4-fs (loop0): 1 orphan inode deleted [ 23.280407][ T291] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 291] close(4) = 0 [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 290] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 290] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[295], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 295 [pid 290] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] fallocate(4, 0, 35143, 7) = 0 [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 291] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 295] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 295] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 0 [pid 291] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 290] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [pid 291] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 295] <... futex resumed>) = 1 [pid 295] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 291] <... write resumed>) = 262144 [pid 291] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 290] <... futex resumed>) = 0 [pid 290] exit_group(0) = ? [pid 295] <... futex resumed>) = ? [pid 295] +++ exited with 0 +++ [pid 291] <... futex resumed>) = ? [pid 291] +++ exited with 0 +++ [pid 290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=290, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 23.289344][ T24] audit: type=1400 audit(1687684727.150:71): avc: denied { mount } for pid=290 comm="syz-executor213" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.289353][ T291] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/0/file1 supports timestamps until 2038 (0x7fffffff) [ 23.323041][ T24] audit: type=1400 audit(1687684727.170:72): avc: denied { write } for pid=290 comm="syz-executor213" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.344977][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 23.345107][ T24] audit: type=1400 audit(1687684727.170:73): avc: denied { add_name } for pid=290 comm="syz-executor213" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555560385e0, 24) = 0 [pid 299] chdir("./1") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 299] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[300], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 300 ./strace-static-x86_64: Process 300 attached [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] set_robust_list(0x7f2bd18269e0, 24 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 300] <... set_robust_list resumed>) = 0 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 300] munmap(0x7f2bc9406000, 262144) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] mkdir("./file1", 0777) = 0 [ 23.378111][ T24] audit: type=1400 audit(1687684727.170:74): avc: denied { create } for pid=290 comm="syz-executor213" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.398240][ T24] audit: type=1400 audit(1687684727.170:75): avc: denied { read write open } for pid=290 comm="syz-executor213" path="/root/syzkaller.iOo19Z/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 300] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./file1") = 0 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 299] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[304], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 304 [pid 299] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] fallocate(4, 0, 35143, 7) = 0 [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 304 attached ) = 0 [pid 304] set_robust_list(0x7f2bc94459e0, 24 [pid 300] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... set_robust_list resumed>) = 0 [pid 304] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 304] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 300] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 304] <... futex resumed>) = 1 [pid 304] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 300] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 299] <... futex resumed>) = 0 [pid 299] exit_group(0) = ? [pid 300] +++ exited with 0 +++ [pid 304] <... futex resumed>) = ? [pid 304] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 23.460085][ T300] EXT4-fs (loop0): 1 orphan inode deleted [ 23.465624][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.474771][ T300] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/1/file1 supports timestamps until 2038 (0x7fffffff) [ 23.503306][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x5555560385e0, 24) = 0 [pid 305] chdir("./2") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 305] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[306], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 306 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 306] munmap(0x7f2bc9406000, 262144) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] mkdir("./file1", 0777) = 0 [pid 306] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file1") = 0 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 305] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[310], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 310 [pid 305] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 306] fallocate(4, 0, 35143, 7) = 0 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 310] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 310] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 306] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 310] <... futex resumed>) = 1 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 310] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] <... open resumed>) = 5 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 306] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 305] exit_group(0) = ? [pid 310] <... futex resumed>) = ? [pid 310] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 23.620407][ T306] EXT4-fs (loop0): 1 orphan inode deleted [ 23.626064][ T306] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.635052][ T306] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/2/file1 supports timestamps until 2038 (0x7fffffff) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 311 ./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x5555560385e0, 24) = 0 [pid 311] chdir("./3") = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 311] setpgid(0, 0) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 311] write(3, "1000", 4) = 4 [pid 311] close(3) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 311] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 312 [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 312] munmap(0x7f2bc9406000, 262144) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 312] close(3) = 0 [pid 312] mkdir("./file1", 0777) = 0 [ 23.665643][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 312] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file1") = 0 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] <... futex resumed>) = 1 [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 311] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 311] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[316], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 316 [pid 311] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 0 [pid 312] fallocate(4, 0, 35143, 7) = 0 [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 316] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 316] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 316] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 312] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 0 [pid 312] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 1 [pid 312] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 312] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 311] exit_group(0) = ? [pid 312] <... futex resumed>) = ? [pid 312] +++ exited with 0 +++ [pid 316] <... futex resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 23.720275][ T312] EXT4-fs (loop0): 1 orphan inode deleted [ 23.725823][ T312] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.734804][ T312] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/3/file1 supports timestamps until 2038 (0x7fffffff) [ 23.765656][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 317 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x5555560385e0, 24) = 0 [pid 317] chdir("./4") = 0 [pid 317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 317] setpgid(0, 0) = 0 [pid 317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 317] write(3, "1000", 4) = 4 [pid 317] close(3) = 0 [pid 317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 317] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 317] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[318], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 318 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 318] memfd_create("syzkaller", 0) = 3 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 318] munmap(0x7f2bc9406000, 262144) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 318] close(3) = 0 [pid 318] mkdir("./file1", 0777) = 0 [pid 318] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 318] chdir("./file1") = 0 [pid 318] ioctl(4, LOOP_CLR_FD) = 0 [pid 318] close(4) = 0 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 318] <... futex resumed>) = 1 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] fallocate(4, 0, 35143, 7 [pid 317] <... futex resumed>) = 0 [pid 318] <... fallocate resumed>) = 0 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 0 [pid 318] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = 0 [pid 318] sendmmsg(-1, [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 317] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 318] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 318] <... futex resumed>) = 1 [pid 317] exit_group(0) = ? [pid 318] +++ exited with 0 +++ [pid 317] +++ exited with 0 +++ [ 23.870239][ T318] EXT4-fs (loop0): 1 orphan inode deleted [ 23.875780][ T318] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.884753][ T318] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/4/file1 supports timestamps until 2038 (0x7fffffff) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=317, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x5555560385e0, 24) = 0 [pid 322] chdir("./5") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 322] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 322] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[323], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 323 [ 23.914398][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 323] memfd_create("syzkaller", 0) = 3 [pid 323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 323] munmap(0x7f2bc9406000, 262144) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 323] close(3) = 0 [pid 323] mkdir("./file1", 0777) = 0 [pid 323] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 323] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 323] chdir("./file1") = 0 [pid 323] ioctl(4, LOOP_CLR_FD) = 0 [pid 323] close(4) = 0 [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 322] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 322] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[327], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 327 [pid 322] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] fallocate(4, 0, 35143, 7) = 0 [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 327] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 327] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 0 [pid 323] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 1 [pid 322] <... futex resumed>) = 0 [pid 322] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] <... futex resumed>) = 1 [pid 322] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 323] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] <... futex resumed>) = 0 [pid 322] exit_group(0) = ? [pid 323] <... futex resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 327] <... futex resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 24.000370][ T323] EXT4-fs (loop0): 1 orphan inode deleted [ 24.005924][ T323] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.015092][ T323] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/5/file1 supports timestamps until 2038 (0x7fffffff) [ 24.053223][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x5555560385e0, 24) = 0 [pid 328] chdir("./6") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 328] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[329], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 329 [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 329] munmap(0x7f2bc9406000, 262144) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 329] close(3) = 0 [pid 329] mkdir("./file1", 0777) = 0 [pid 329] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 329] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 329] chdir("./file1") = 0 [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 329] close(4) = 0 [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 329] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 0 [pid 329] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 328] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[333], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 333 [pid 328] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] fallocate(4, 0, 35143, 7) = 0 [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 333 attached ) = 0 [pid 333] set_robust_list(0x7f2bc94459e0, 24 [pid 329] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] <... set_robust_list resumed>) = 0 [pid 333] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 333] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 0 [pid 333] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 329] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... open resumed>) = 5 [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 328] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... write resumed>) = 262144 [pid 329] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 329] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] exit_group(0) = ? [pid 333] <... futex resumed>) = ? [pid 333] +++ exited with 0 +++ [pid 329] <... futex resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ [ 24.200617][ T329] EXT4-fs (loop0): 1 orphan inode deleted [ 24.206201][ T329] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.215274][ T329] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/6/file1 supports timestamps until 2038 (0x7fffffff) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 24.255197][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x5555560385e0, 24) = 0 [pid 334] chdir("./7") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 334] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[335], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 335 [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 335] munmap(0x7f2bc9406000, 262144) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] mkdir("./file1", 0777) = 0 [pid 335] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 335] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("./file1") = 0 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 335] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... open resumed>) = 4 [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 1 [pid 334] <... futex resumed>) = 0 [pid 335] fallocate(4, 0, 35143, 7 [pid 334] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... fallocate resumed>) = 0 [pid 334] <... futex resumed>) = 0 [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 335] <... futex resumed>) = 0 [pid 334] <... mmap resumed>) = 0x7f2bc9425000 [pid 335] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[339], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 339 [pid 334] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 339] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 339] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 335] sendmmsg(-1, [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 335] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... open resumed>) = 5 [pid 334] <... futex resumed>) = 0 [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 334] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] <... write resumed>) = 262144 [pid 335] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] <... futex resumed>) = 0 [pid 335] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] exit_group(0 [pid 339] <... futex resumed>) = ? [pid 335] <... futex resumed>) = ? [pid 334] <... exit_group resumed>) = ? [pid 335] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 24.390436][ T335] EXT4-fs (loop0): 1 orphan inode deleted [ 24.396216][ T335] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.404967][ T335] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/7/file1 supports timestamps until 2038 (0x7fffffff) [ 24.438664][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 341 ./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x5555560385e0, 24) = 0 [pid 341] chdir("./8") = 0 [pid 341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 341] setpgid(0, 0) = 0 [pid 341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 341] write(3, "1000", 4) = 4 [pid 341] close(3) = 0 [pid 341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 341] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 341] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[342], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 342 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 342] memfd_create("syzkaller", 0) = 3 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 342] munmap(0x7f2bc9406000, 262144) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 342] close(3) = 0 [pid 342] mkdir("./file1", 0777) = 0 [pid 342] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 342] chdir("./file1") = 0 [pid 342] ioctl(4, LOOP_CLR_FD) = 0 [pid 342] close(4) = 0 [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 341] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 341] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[346], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 346 [pid 341] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] fallocate(4, 0, 35143, 7) = 0 [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 346] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 346] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 0 [pid 342] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 346] <... futex resumed>) = 1 [pid 346] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... write resumed>) = 262144 [pid 342] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 341] exit_group(0) = ? [pid 342] <... futex resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 346] <... futex resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=341, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 24.560261][ T342] EXT4-fs (loop0): 1 orphan inode deleted [ 24.566096][ T342] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.575123][ T342] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/8/file1 supports timestamps until 2038 (0x7fffffff) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 24.607279][ T296] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x5555560385e0, 24) = 0 [pid 347] chdir("./9") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 347] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[348], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 348 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 348] munmap(0x7f2bc9406000, 262144) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] mkdir("./file1", 0777) = 0 [pid 348] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("./file1") = 0 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 1 [pid 348] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 347] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[352], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 352 [pid 347] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 1 [pid 348] fallocate(4, 0, 35143, 7) = 0 [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 352] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 352] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [pid 348] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 1 [pid 348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 1 [pid 348] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 352] <... futex resumed>) = 1 [pid 352] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] <... write resumed>) = 262144 [pid 348] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] exit_group(0) = ? [pid 348] <... futex resumed>) = ? [pid 348] +++ exited with 0 +++ [pid 352] <... futex resumed>) = ? [pid 352] +++ exited with 0 +++ [pid 347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 24.720321][ T348] EXT4-fs (loop0): 1 orphan inode deleted [ 24.725921][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.734841][ T348] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/9/file1 supports timestamps until 2038 (0x7fffffff) unlink("./9/binderfs") = 0 [ 24.768020][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 353 ./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x5555560385e0, 24) = 0 [pid 353] chdir("./10") = 0 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 353] setpgid(0, 0) = 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 353] write(3, "1000", 4) = 4 [pid 353] close(3) = 0 [pid 353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 353] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 353] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[354], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 354 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 354] memfd_create("syzkaller", 0) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 354] munmap(0x7f2bc9406000, 262144) = 0 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 354] close(3) = 0 [pid 354] mkdir("./file1", 0777) = 0 [pid 354] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 354] chdir("./file1") = 0 [pid 354] ioctl(4, LOOP_CLR_FD) = 0 [pid 354] close(4) = 0 [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 0 [pid 354] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 353] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 353] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[358], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 358 [pid 353] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] fallocate(4, 0, 35143, 7) = 0 ./strace-static-x86_64: Process 358 attached [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 358] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 358] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 0 [pid 354] sendmmsg(-1, [pid 358] <... futex resumed>) = 1 [pid 354] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 358] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 354] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 353] <... futex resumed>) = 0 [pid 353] exit_group(0) = ? [pid 358] <... futex resumed>) = ? [pid 358] +++ exited with 0 +++ [pid 354] +++ exited with 0 +++ [pid 353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 24.870449][ T354] EXT4-fs (loop0): 1 orphan inode deleted [ 24.876127][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.884997][ T354] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/10/file1 supports timestamps until 2038 (0x7fffffff) [ 24.915985][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x5555560385e0, 24) = 0 [pid 359] chdir("./11") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 359] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[360], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 360 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 360] munmap(0x7f2bc9406000, 262144) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] mkdir("./file1", 0777) = 0 [pid 360] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file1") = 0 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 359] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[364], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 364 [pid 359] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] fallocate(4, 0, 35143, 7) = 0 [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 364] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 364] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 0 [pid 360] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 364] <... futex resumed>) = 1 [pid 360] <... open resumed>) = 5 [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 360] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 0 [pid 360] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 360] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] exit_group(0) = ? [pid 360] <... futex resumed>) = ? [pid 364] <... futex resumed>) = ? [pid 360] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 25.030486][ T360] EXT4-fs (loop0): 1 orphan inode deleted [ 25.036063][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.044875][ T360] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/11/file1 supports timestamps until 2038 (0x7fffffff) [ 25.075047][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x5555560385e0, 24) = 0 [pid 365] chdir("./12") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 365] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 365] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[366], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 366 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 366] munmap(0x7f2bc9406000, 262144) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [pid 366] mkdir("./file1", 0777) = 0 [pid 366] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file1") = 0 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 365] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 365] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[370], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 370 [pid 365] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] fallocate(4, 0, 35143, 7) = 0 [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 370] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 370] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 0 [pid 366] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 370] <... futex resumed>) = 1 [pid 370] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] <... write resumed>) = 262144 [pid 366] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] exit_group(0) = ? [pid 370] <... futex resumed>) = ? [pid 366] <... futex resumed>) = ? [pid 366] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ [pid 365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 25.190246][ T366] EXT4-fs (loop0): 1 orphan inode deleted [ 25.195792][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.204733][ T366] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/12/file1 supports timestamps until 2038 (0x7fffffff) [ 25.236160][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x5555560385e0, 24) = 0 [pid 371] chdir("./13") = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 371] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[372], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 372 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 372] munmap(0x7f2bc9406000, 262144) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] mkdir("./file1", 0777) = 0 [pid 372] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file1") = 0 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 0 [pid 372] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 371] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[376], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 376 [pid 371] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] fallocate(4, 0, 35143, 7) = 0 [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 376] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 376] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... futex resumed>) = 1 [pid 372] <... futex resumed>) = 0 [pid 372] sendmmsg(-1, [pid 376] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 372] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 371] exit_group(0) = ? [pid 376] <... futex resumed>) = ? [pid 376] +++ exited with 0 +++ [pid 372] <... futex resumed>) = ? [pid 372] +++ exited with 0 +++ [pid 371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=371, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 25.360123][ T372] EXT4-fs (loop0): 1 orphan inode deleted [ 25.365675][ T372] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.374604][ T372] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/13/file1 supports timestamps until 2038 (0x7fffffff) [ 25.405507][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x5555560385e0, 24) = 0 [pid 378] chdir("./14") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 378] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 378] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[379], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 379 [pid 378] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 379] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 379] munmap(0x7f2bc9406000, 262144) = 0 [pid 379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 379] close(3) = 0 [pid 379] mkdir("./file1", 0777) = 0 [pid 379] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 379] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 379] chdir("./file1") = 0 [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 379] <... futex resumed>) = 1 [pid 379] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 379] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 378] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] <... futex resumed>) = 1 [pid 378] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 383 attached [pid 379] fallocate(4, 0, 35143, 7 [pid 378] <... clone resumed>, parent_tid=[383], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 383 [pid 378] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 383] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 383] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 383] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 383] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 383] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 383] <... futex resumed>) = 1 [ 25.520797][ T379] EXT4-fs (loop0): 1 orphan inode deleted [ 25.526345][ T379] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.535273][ T379] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/14/file1 supports timestamps until 2038 (0x7fffffff) [ 25.554761][ T379] EXT4-fs error (device loop0): ext4_map_blocks:602: inode #3: block 9: comm syz-executor213: lblock 0 mapped to illegal pblock 9 (length 1) [ 25.569452][ T379] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm syz-executor213: Invalid inode table block 0 in block_group 0 [ 25.583162][ T379] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5877: Corrupt filesystem [ 25.592824][ T379] EXT4-fs error (device loop0): ext4_dirty_inode:6087: inode #16: comm syz-executor213: mark_inode_dirty error [ 25.604906][ T379] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:437: comm syz-executor213: Invalid block bitmap block 0 in block_group 0 [ 25.618925][ T379] EXT4-fs error (device loop0): ext4_map_blocks:602: inode #3: block 9: comm syz-executor213: lblock 0 mapped to illegal pblock 9 (length 1) [ 25.633454][ T379] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm syz-executor213: Invalid inode table block 0 in block_group 0 [ 25.646605][ T379] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5877: Corrupt filesystem [ 25.656043][ T379] EXT4-fs error (device loop0): ext4_dirty_inode:6087: inode #16: comm syz-executor213: mark_inode_dirty error [pid 383] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... fallocate resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 379] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] exit_group(0 [pid 383] <... futex resumed>) = ? [pid 379] <... futex resumed>) = 230 [pid 378] <... exit_group resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 379] +++ exited with 0 +++ [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 25.668269][ T379] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm syz-executor213: Invalid inode table block 0 in block_group 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x5555560385e0, 24) = 0 [pid 384] chdir("./15") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 384] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[385], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 385 [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 385] memfd_create("syzkaller", 0) = 3 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 385] munmap(0x7f2bc9406000, 262144) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 385] close(3) = 0 [pid 385] mkdir("./file1", 0777) = 0 [pid 385] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 385] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 385] chdir("./file1") = 0 [pid 385] ioctl(4, LOOP_CLR_FD) = 0 [pid 385] close(4) = 0 [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = 1 [pid 385] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 384] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[389], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 389 [pid 384] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = 1 [pid 385] fallocate(4, 0, 35143, 7./strace-static-x86_64: Process 389 attached ) = 0 [pid 389] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 389] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 389] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 1 [pid 384] <... futex resumed>) = 0 [pid 385] <... futex resumed>) = 0 [pid 389] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = 0 [pid 385] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 385] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 384] exit_group(0) = ? [pid 389] <... futex resumed>) = ? [pid 389] +++ exited with 0 +++ [pid 385] <... futex resumed>) = ? [pid 385] +++ exited with 0 +++ [pid 384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 25.840246][ T385] EXT4-fs (loop0): 1 orphan inode deleted [ 25.845902][ T385] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 25.854785][ T385] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/15/file1 supports timestamps until 2038 (0x7fffffff) [ 25.890455][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x5555560385e0, 24) = 0 [pid 390] chdir("./16") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 390] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[391], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 391 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 391] memfd_create("syzkaller", 0) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 391] munmap(0x7f2bc9406000, 262144) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 391] close(3) = 0 [pid 391] mkdir("./file1", 0777) = 0 [pid 391] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 391] chdir("./file1") = 0 [pid 391] ioctl(4, LOOP_CLR_FD) = 0 [pid 391] close(4) = 0 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 1 [pid 391] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] fallocate(4, 0, 35143, 7) = 0 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... futex resumed>) = 1 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 0 [pid 391] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 1 [pid 391] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 1 [pid 391] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 1 [pid 391] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 391] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] exit_group(0) = ? [pid 391] <... futex resumed>) = ? [pid 391] +++ exited with 0 +++ [pid 390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 26.000594][ T391] EXT4-fs (loop0): 1 orphan inode deleted [ 26.006150][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.015424][ T391] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/16/file1 supports timestamps until 2038 (0x7fffffff) unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 [ 26.042331][ T190] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x5555560385e0, 24) = 0 [pid 395] chdir("./17") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 395] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[396], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 396 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 396] memfd_create("syzkaller", 0) = 3 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 396] munmap(0x7f2bc9406000, 262144) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 396] close(3) = 0 [pid 396] mkdir("./file1", 0777) = 0 [pid 396] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 396] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 396] chdir("./file1") = 0 [pid 396] ioctl(4, LOOP_CLR_FD) = 0 [pid 396] close(4) = 0 [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 395] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[400], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 400 [pid 395] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] fallocate(4, 0, 35143, 7) = 0 [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 400] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 400] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 0 [pid 396] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 400] <... futex resumed>) = 1 [pid 396] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 400] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... write resumed>) = 262144 [pid 396] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 396] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] exit_group(0) = ? [pid 400] <... futex resumed>) = ? [pid 396] <... futex resumed>) = ? [pid 400] +++ exited with 0 +++ [pid 396] +++ exited with 0 +++ [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 26.120673][ T396] EXT4-fs (loop0): 1 orphan inode deleted [ 26.126478][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.135453][ T396] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/17/file1 supports timestamps until 2038 (0x7fffffff) [ 26.173388][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x5555560385e0, 24) = 0 [pid 401] chdir("./18") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 401] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[402], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 402 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 402] munmap(0x7f2bc9406000, 262144) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 402] close(3) = 0 [pid 402] mkdir("./file1", 0777) = 0 [pid 402] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 402] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file1") = 0 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 401] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[406], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 406 [pid 401] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] fallocate(4, 0, 35143, 7) = 0 [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 406] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 406] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] <... futex resumed>) = 0 [pid 402] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 402] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] exit_group(0) = ? [pid 406] <... futex resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 402] <... futex resumed>) = ? [pid 402] +++ exited with 0 +++ [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 26.270277][ T402] EXT4-fs (loop0): 1 orphan inode deleted [ 26.276044][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.285015][ T402] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/18/file1 supports timestamps until 2038 (0x7fffffff) [ 26.312165][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x5555560385e0, 24) = 0 [pid 407] chdir("./19") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 407] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[408], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 408 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 408] munmap(0x7f2bc9406000, 262144) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file1", 0777) = 0 [pid 408] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file1") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 407] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[413], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 413 [pid 407] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] fallocate(4, 0, 35143, 7) = 0 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 413] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 413] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 0 [pid 408] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 413] <... futex resumed>) = 1 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 413] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... write resumed>) = 262144 [pid 408] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] exit_group(0) = ? [pid 413] <... futex resumed>) = ? [pid 408] <... futex resumed>) = ? [pid 408] +++ exited with 0 +++ [pid 413] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 26.430965][ T408] EXT4-fs (loop0): 1 orphan inode deleted [ 26.436636][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.445630][ T408] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/19/file1 supports timestamps until 2038 (0x7fffffff) [ 26.478520][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x5555560385e0, 24) = 0 [pid 414] chdir("./20") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 414] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[415], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 415 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 415] munmap(0x7f2bc9406000, 262144) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] mkdir("./file1", 0777) = 0 [pid 415] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file1") = 0 [pid 415] ioctl(4, LOOP_CLR_FD) = 0 [pid 415] close(4) = 0 [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 0 [pid 415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 414] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[419], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 419 [pid 414] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] fallocate(4, 0, 35143, 7./strace-static-x86_64: Process 419 attached ) = 0 [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 419] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 419] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = 1 [pid 415] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 0 [pid 415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 415] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] exit_group(0) = ? [pid 419] <... futex resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 415] <... futex resumed>) = ? [pid 415] +++ exited with 0 +++ [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 26.600596][ T415] EXT4-fs (loop0): 1 orphan inode deleted [ 26.606202][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.615201][ T415] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/20/file1 supports timestamps until 2038 (0x7fffffff) [ 26.644236][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x5555560385e0, 24) = 0 [pid 420] chdir("./21") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 420] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[421], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 421 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 421] munmap(0x7f2bc9406000, 262144) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file1", 0777) = 0 [pid 421] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file1") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 420] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 425 [pid 420] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] fallocate(4, 0, 35143, 7) = 0 ./strace-static-x86_64: Process 425 attached [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] set_robust_list(0x7f2bc94459e0, 24 [pid 421] <... futex resumed>) = 0 [pid 425] <... set_robust_list resumed>) = 0 [pid 425] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 421] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... mount resumed>) = 0 [pid 425] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 425] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 421] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 421] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] exit_group(0) = ? [pid 425] <... futex resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 421] <... futex resumed>) = ? [pid 421] +++ exited with 0 +++ [pid 420] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 26.760664][ T421] EXT4-fs (loop0): 1 orphan inode deleted [ 26.766255][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.775289][ T421] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/21/file1 supports timestamps until 2038 (0x7fffffff) umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 426 attached , child_tidptr=0x5555560385d0) = 426 [pid 426] set_robust_list(0x5555560385e0, 24) = 0 [pid 426] chdir("./22") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 426] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[427], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 427 [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 427 attached [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 427] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 427] munmap(0x7f2bc9406000, 262144) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] mkdir("./file1", 0777) = 0 [ 26.806845][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 427] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 427] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file1") = 0 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... open resumed>) = 4 [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 427] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] <... futex resumed>) = 0 [pid 427] fallocate(4, 0, 35143, 7 [pid 426] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... fallocate resumed>) = 0 [pid 426] <... futex resumed>) = 0 [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 427] <... futex resumed>) = 0 [pid 426] <... mmap resumed>) = 0x7f2bc9425000 [pid 427] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[431], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 431 [pid 426] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 431] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL) = 0 [pid 431] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 427] sendmmsg(-1, [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... open resumed>) = 5 [pid 426] <... futex resumed>) = 0 [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 426] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... write resumed>) = 262144 [pid 427] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] exit_group(0) = ? [pid 427] +++ exited with 0 +++ [pid 431] <... futex resumed>) = ? [pid 431] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 26.870625][ T427] EXT4-fs (loop0): 1 orphan inode deleted [ 26.876225][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.885062][ T427] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/22/file1 supports timestamps until 2038 (0x7fffffff) [ 26.918320][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 432 ./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x5555560385e0, 24) = 0 [pid 432] chdir("./23") = 0 [pid 432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 432] setpgid(0, 0) = 0 [pid 432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 432] write(3, "1000", 4) = 4 [pid 432] close(3) = 0 [pid 432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 432] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 433 attached , parent_tid=[433], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 433 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 433] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 433] munmap(0x7f2bc9406000, 262144) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] mkdir("./file1", 0777) = 0 [pid 433] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("./file1") = 0 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 433] fallocate(4, 0, 35143, 7 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... fallocate resumed>) = 0 [pid 432] <... futex resumed>) = 0 [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 433] <... futex resumed>) = 0 [pid 432] <... mmap resumed>) = 0x7f2bc9425000 [pid 433] futex(0x7f2bd18ff7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 432] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x7f2bc94459e0, 24) = 0 [pid 437] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... clone resumed>, parent_tid=[437], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 437 [pid 432] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = 1 [pid 437] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 432] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... mount resumed>) = 0 [pid 437] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 1 [pid 433] <... futex resumed>) = 0 [pid 437] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] sendmmsg(-1, [{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 1 [pid 433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190) = 262144 [pid 433] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] <... futex resumed>) = 0 [pid 432] exit_group(0) = ? [pid 437] <... futex resumed>) = ? [pid 437] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ [pid 432] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=432, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556039620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 27.040427][ T433] EXT4-fs (loop0): 1 orphan inode deleted [ 27.046018][ T433] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 27.054789][ T433] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/23/file1 supports timestamps until 2038 (0x7fffffff) umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556041660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556041660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555556039620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560385d0) = 438 ./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x5555560385e0, 24) = 0 [pid 438] chdir("./24") = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 438] setpgid(0, 0) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 438] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bd1806000 [pid 438] mprotect(0x7f2bd1807000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 438] clone(child_stack=0x7f2bd18263f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[439], tls=0x7f2bd1826700, child_tidptr=0x7f2bd18269d0) = 439 [pid 438] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x7f2bd18269e0, 24) = 0 [pid 439] memfd_create("syzkaller", 0) = 3 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2bc9406000 [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 439] munmap(0x7f2bc9406000, 262144) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 439] close(3) = 0 [pid 439] mkdir("./file1", 0777) = 0 [ 27.089113][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 439] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 439] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 439] chdir("./file1") = 0 [pid 439] ioctl(4, LOOP_CLR_FD) = 0 [pid 439] close(4) = 0 [pid 439] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f2bd18ff7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... futex resumed>) = 1 [pid 439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 439] futex(0x7f2bd18ff7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7f2bd18ff7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2bc9425000 [pid 438] mprotect(0x7f2bc9426000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 438] clone(child_stack=0x7f2bc94453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7f2bc94459e0, 24 [pid 438] <... clone resumed>, parent_tid=[443], tls=0x7f2bc9445700, child_tidptr=0x7f2bc94459d0) = 443 [pid 443] <... set_robust_list resumed>) = 0 [pid 438] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] mount("/dev/loop0", "./bus", NULL, MS_NOEXEC|MS_BIND|MS_SILENT, NULL [pid 438] <... futex resumed>) = 0 [pid 443] <... mount resumed>) = 0 [pid 438] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 443] <... futex resumed>) = 0 [pid 438] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] sendmmsg(-1, [pid 438] <... futex resumed>) = 0 [pid 443] <... sendmmsg resumed>[{msg_hdr={msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., iov_len=1126}], msg_iovlen=1, msg_controllen=0, msg_flags=0}}], 1, 0) = -1 EBADF (Bad file descriptor) [pid 438] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 443] <... futex resumed>) = 0 [pid 438] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 438] <... futex resumed>) = 0 [pid 443] <... open resumed>) = 5 [pid 438] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 443] <... futex resumed>) = 0 [pid 443] write(5, "\x4d\xe8\x34\x8e\x35\xba\x09\x19\x0a\x9f\x07\x04\x5f\xfe\x36\x16\x70\x9a\xca\x5b\x8f\x30\xfa\x6b\x5b\xac\x8b\x0c\x17\xd3\x8b\xe2\x08\x57\xe5\xd4\xfa\x5a\xcc\x08\x0b\xb9\xb5\x8c\xa1\x32\xba\xb6\x7c\x5e\xa0\xc7\x90\x89\xe3\x67\xa3\x73\x4b\xee\x2b\xa6\x2b\x32\x8a\x1d\xae\x20\xf3\x07\x81\x52\x94\xf6\x62\x74\x83\x2f\x6a\x8d\xb4\x59\x64\x93\x47\x02\xeb\x02\x5d\xa3\x4e\x4b\x99\x7a\x4a\x6f\x36\xf2\xbe\x2c"..., 22455190 [pid 438] futex(0x7f2bd18ff7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f2bd18ff7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... futex resumed>) = 1 [pid 439] fallocate(4, 0, 35143, 7 [pid 443] <... write resumed>) = 262144 [pid 443] futex(0x7f2bd18ff7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 443] <... futex resumed>) = 1 [ 27.150736][ T439] EXT4-fs (loop0): 1 orphan inode deleted [ 27.156335][ T439] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 27.165079][ T439] ext4 filesystem being mounted at /root/syzkaller.iOo19Z/24/file1 supports timestamps until 2038 (0x7fffffff) [ 27.187492][ T439] EXT4-fs error (device loop0): ext4_map_blocks:602: inode #3: block 9: comm syz-executor213: lblock 0 mapped to illegal pblock 9 (length 1) [ 27.201953][ T439] EXT4-fs error (device loop0): __ext4_get_inode_loc:4436: comm syz-executor213: Invalid inode table block 0 in block_group 0 [ 27.215088][ T439] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5877: Corrupt filesystem [ 27.224551][ T439] EXT4-fs error (device loop0): ext4_dirty_inode:6087: inode #16: comm syz-executor213: mark_inode_dirty error [ 27.236434][ T439] ------------[ cut here ]------------ [ 27.241757][ T439] kernel BUG at fs/ext4/ext4.h:3247! [ 27.246919][ T439] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 27.252810][ T439] CPU: 1 PID: 439 Comm: syz-executor213 Not tainted 5.10.179-syzkaller-00312-g571f442f6752 #0 [ 27.262871][ T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 27.272791][ T439] RIP: 0010:ext4_mb_find_by_goal+0xe18/0xe50 [ 27.278592][ T439] Code: 24 30 e9 be fb ff ff e8 66 c0 89 ff 48 bb 00 00 00 00 00 fc ff df e9 23 f7 ff ff e8 52 c0 89 ff e9 05 f7 ff ff e8 48 c0 89 ff <0f> 0b e8 21 cf c8 02 e8 3c c0 89 ff 0f 0b e8 35 c0 89 ff 0f 0b e8 [pid 443] futex(0x7f2bd18ff7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] exit_group(0 [pid 443] <... futex resumed>) = ? [pid 438] <... exit_group resumed>) = ? [pid 443] +++ exited with 0 +++ [ 27.298021][ T439] RSP: 0018:ffffc90000ed7220 EFLAGS: 00010293 [ 27.304013][ T439] RAX: ffffffff81e0b9e8 RBX: 0000000000000001 RCX: ffff88811bef4f00 [ 27.311821][ T439] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 27.319766][ T439] RBP: ffffc90000ed7330 R08: ffffffff81e0acff R09: ffffed10238c5536 [ 27.327748][ T439] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881063ca3c8 [ 27.335565][ T439] R13: 0000000000000001 R14: 1ffff11020c79479 R15: 1ffff920001dae54 [ 27.343464][ T439] FS: 00007f2bd1826700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 27.352225][ T439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.358654][ T439] CR2: 00007f2bd18bbe30 CR3: 000000010f17d000 CR4: 00000000003506a0 [ 27.366459][ T439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.374271][ T439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.382088][ T439] Call Trace: [ 27.385217][ T439] ? __kasan_slab_alloc+0xb1/0xe0 [ 27.390083][ T439] ? slab_post_alloc_hook+0x61/0x2f0 [ 27.395197][ T439] ? ext4_mb_use_inode_pa+0x510/0x510 [ 27.400403][ T439] ? ext4_fallocate+0x853/0x1cb0 [ 27.405172][ T439] ? vfs_fallocate+0x492/0x570 [ 27.409776][ T439] ? __x64_sys_fallocate+0xc0/0x110 [ 27.414818][ T439] ? do_syscall_64+0x34/0x70 [ 27.419233][ T439] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.425138][ T439] ext4_mb_regular_allocator+0x249/0x2030 [ 27.430703][ T439] ? ext4_mb_normalize_request+0x10f0/0x10f0 [ 27.436503][ T439] ? ext4_mb_new_blocks+0xf12/0x4430 [ 27.441631][ T439] ? ext4_mb_new_blocks+0xf12/0x4430 [ 27.446743][ T439] ext4_mb_new_blocks+0xfb1/0x4430 [ 27.451696][ T439] ? __kasan_kmalloc+0x9/0x10 [ 27.456215][ T439] ? __kmalloc+0x1aa/0x330 [ 27.460480][ T439] ? memset+0x35/0x40 [ 27.464284][ T439] ? ext4_mb_pa_callback+0xd0/0xd0 [ 27.469231][ T439] ? ext4_ext_search_right+0x4f5/0x900 [ 27.474517][ T439] ? ext4_inode_to_goal_block+0x2b2/0x3d0 [ 27.480073][ T439] ? ext4_ext_find_goal+0x117/0x200 [ 27.485105][ T439] ext4_ext_map_blocks+0x190e/0x6be0 [ 27.490230][ T439] ? kmem_cache_free+0xa9/0x1e0 [ 27.494912][ T439] ? ____kasan_slab_free+0x12c/0x160 [ 27.500040][ T439] ? __kasan_slab_free+0x11/0x20 [ 27.504833][ T439] ? ext4_ext_release+0x10/0x10 [ 27.509543][ T439] ? kmem_cache_free+0xa9/0x1e0 [ 27.514193][ T439] ? mb_cache_entry_create+0x488/0x750 [ 27.519476][ T439] ? mb_cache_entry_create+0x488/0x750 [ 27.524775][ T439] ? _raw_read_unlock+0x25/0x40 [ 27.529458][ T439] ? ext4_es_lookup_extent+0x33b/0x940 [ 27.534752][ T439] ext4_map_blocks+0xaa7/0x1f00 [ 27.539437][ T439] ? ext4_xattr_security_get+0x32/0x40 [ 27.544732][ T439] ? ext4_issue_zeroout+0x1b0/0x1b0 [ 27.549778][ T439] ? __kasan_check_read+0x11/0x20 [ 27.554640][ T439] ext4_alloc_file_blocks+0x3f4/0xcd0 [ 27.559837][ T439] ? trace_ext4_fallocate_enter+0x160/0x160 [ 27.565565][ T439] ? down_read_killable+0x220/0x220 [ 27.570601][ T439] ext4_fallocate+0x853/0x1cb0 [ 27.575197][ T439] ? avc_policy_seqno+0x1b/0x70 [ 27.579888][ T439] ? ext4_ext_truncate+0x200/0x200 [ 27.584829][ T439] ? fsnotify_perm+0x67/0x4e0 [ 27.589342][ T439] ? security_file_permission+0x7b/0xb0 [ 27.594739][ T439] ? preempt_count_add+0x92/0x1a0 [ 27.599592][ T439] vfs_fallocate+0x492/0x570 [ 27.604016][ T439] __x64_sys_fallocate+0xc0/0x110 [ 27.608872][ T439] do_syscall_64+0x34/0x70 [ 27.613134][ T439] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 27.618853][ T439] RIP: 0033:0x7f2bd187a759 [ 27.623105][ T439] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 27.642551][ T439] RSP: 002b:00007f2bd18262f8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 27.650794][ T439] RAX: ffffffffffffffda RBX: 00007f2bd18ff7a0 RCX: 00007f2bd187a759 [ 27.658615][ T439] RDX: 0000000000008947 RSI: 0000000000000000 RDI: 0000000000000004 [ 27.666410][ T439] RBP: 00007f2bd18cc9e0 R08: 0000000000000000 R09: 0000000000000000 [ 27.674225][ T439] R10: 0000000000000007 R11: 0000000000000246 R12: 00007f2bd18cc578 [ 27.682037][ T439] R13: 0031656c69662f2e R14: 6f6f6c2f7665642f R15: 00007f2bd18ff7a8 [ 27.689847][ T439] Modules linked in: [ 27.693790][ T439] ---[ end trace cde2cac7c9527741 ]--- [ 27.699117][ T439] RIP: 0010:ext4_mb_find_by_goal+0xe18/0xe50 [ 27.704881][ T439] Code: 24 30 e9 be fb ff ff e8 66 c0 89 ff 48 bb 00 00 00 00 00 fc ff df e9 23 f7 ff ff e8 52 c0 89 ff e9 05 f7 ff ff e8 48 c0 89 ff <0f> 0b e8 21 cf c8 02 e8 3c c0 89 ff 0f 0b e8 35 c0 89 ff 0f 0b e8 [ 27.724358][ T439] RSP: 0018:ffffc90000ed7220 EFLAGS: 00010293 [ 27.730276][ T439] RAX: ffffffff81e0b9e8 RBX: 0000000000000001 RCX: ffff88811bef4f00 [ 27.738033][ T439] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 27.745873][ T439] RBP: ffffc90000ed7330 R08: ffffffff81e0acff R09: ffffed10238c5536 [ 27.753673][ T439] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881063ca3c8 [ 27.761508][ T439] R13: 0000000000000001 R14: 1ffff11020c79479 R15: 1ffff920001dae54 [ 27.769295][ T439] FS: 00007f2bd1826700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 27.778058][ T439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.784519][ T439] CR2: 00007f2bd18bbe30 CR3: 000000010f17d000 CR4: 00000000003506a0 [ 27.792302][ T439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.800120][ T439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.807910][ T439] Kernel panic - not syncing: Fatal exception [ 27.813957][ T439] Kernel Offset: disabled [ 27.818087][ T439] Rebooting in 86400 seconds..