./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3337435574 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 4645 [ 36.945551][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.964573][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts. execve("./syz-executor3337435574", ["./syz-executor3337435574"], 0x7ffead2aec20 /* 10 vars */) = 0 brk(NULL) = 0x5555560e2000 brk(0x5555560e2c40) = 0x5555560e2c40 arch_prctl(ARCH_SET_FS, 0x5555560e2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560e25d0) = 5070 set_robust_list(0x5555560e25e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f1eae643610, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f1eae643ce0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f1eae6436b0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1eae643ce0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3337435574", 4096) = 28 brk(0x555556103c40) = 0x555556103c40 brk(0x555556104000) = 0x555556104000 mprotect(0x7f1eae705000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x5555560e25d0) = 5071 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] set_robust_list(0x5555560e25e0, 24) = 0 ./strace-static-x86_64: Process 5072 attached [pid 5070] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5072 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] set_robust_list(0x5555560e25e0, 24 [pid 5071] getpid(./strace-static-x86_64: Process 5073 attached [pid 5072] <... set_robust_list resumed>) = 0 [pid 5071] <... getpid resumed>) = 5071 [pid 5070] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5073 [pid 5072] getpid( [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] <... getpid resumed>) = 5072 [pid 5071] mkdir("./syzkaller.zzCyOE", 0700./strace-static-x86_64: Process 5074 attached [pid 5073] set_robust_list(0x5555560e25e0, 24 [pid 5072] mkdir("./syzkaller.150DvK", 0700 [pid 5070] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5074 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] set_robust_list(0x5555560e25e0, 24) = 0 [pid 5073] getpid( [pid 5070] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5075 [pid 5073] <... getpid resumed>) = 5073 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] mkdir("./syzkaller.l97uKM", 0700 [pid 5074] getpid() = 5074 [pid 5070] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5076 [pid 5074] mkdir("./syzkaller.nPbvLT", 0700./strace-static-x86_64: Process 5075 attached ./strace-static-x86_64: Process 5076 attached [pid 5071] <... mkdir resumed>) = 0 [pid 5071] chmod("./syzkaller.zzCyOE", 0777 [pid 5075] set_robust_list(0x5555560e25e0, 24 [pid 5076] set_robust_list(0x5555560e25e0, 24 [pid 5071] <... chmod resumed>) = 0 [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5071] chdir("./syzkaller.zzCyOE" [pid 5074] <... mkdir resumed>) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5074] chmod("./syzkaller.nPbvLT", 0777 [pid 5073] <... mkdir resumed>) = 0 [pid 5072] chmod("./syzkaller.150DvK", 0777 [pid 5071] <... chdir resumed>) = 0 [pid 5073] chmod("./syzkaller.l97uKM", 0777 [pid 5072] <... chmod resumed>) = 0 [pid 5073] <... chmod resumed>) = 0 [pid 5072] chdir("./syzkaller.150DvK" [pid 5073] chdir("./syzkaller.l97uKM" [pid 5071] mkdir("./0", 0777 [pid 5073] <... chdir resumed>) = 0 [pid 5072] <... chdir resumed>) = 0 [pid 5074] <... chmod resumed>) = 0 [pid 5074] chdir("./syzkaller.nPbvLT" [pid 5071] <... mkdir resumed>) = 0 [pid 5073] mkdir("./0", 0777 [pid 5072] mkdir("./0", 0777 [pid 5074] <... chdir resumed>) = 0 [pid 5076] getpid( [pid 5073] <... mkdir resumed>) = 0 [pid 5076] <... getpid resumed>) = 5076 [pid 5075] getpid( [pid 5073] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5072] <... mkdir resumed>) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5076] mkdir("./syzkaller.37SiAZ", 0700 [pid 5075] <... getpid resumed>) = 5075 [pid 5074] mkdir("./0", 0777 [pid 5073] <... openat resumed>) = 3 [pid 5072] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5075] mkdir("./syzkaller.9Bvr2W", 0700 [pid 5074] <... mkdir resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... openat resumed>) = 3 [pid 5074] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5075] <... mkdir resumed>) = 0 [pid 5074] <... openat resumed>) = 3 [pid 5073] close(3 [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5074] ioctl(3, LOOP_CLR_FD [pid 5071] <... openat resumed>) = 3 [pid 5074] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5074] close(3 [pid 5076] <... mkdir resumed>) = 0 [pid 5075] chmod("./syzkaller.9Bvr2W", 0777 [pid 5074] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5072] close(3 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5075] <... chmod resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] <... close resumed>) = 0 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5075] chdir("./syzkaller.9Bvr2W" [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] close(3 [pid 5076] chmod("./syzkaller.37SiAZ", 0777 [pid 5075] <... chdir resumed>) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5077 [pid 5071] <... close resumed>) = 0 [pid 5076] <... chmod resumed>) = 0 [pid 5075] mkdir("./0", 0777 [pid 5072] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5078 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached ./strace-static-x86_64: Process 5078 attached ./strace-static-x86_64: Process 5077 attached [pid 5076] chdir("./syzkaller.37SiAZ" [pid 5075] <... mkdir resumed>) = 0 [pid 5079] set_robust_list(0x5555560e25e0, 24 [pid 5078] set_robust_list(0x5555560e25e0, 24 [pid 5077] set_robust_list(0x5555560e25e0, 24 [pid 5076] <... chdir resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5074] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5079 [pid 5071] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5080 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5076] mkdir("./0", 0777 [pid 5075] <... openat resumed>) = 3 [pid 5079] chdir("./0" [pid 5078] chdir("./0" [pid 5077] chdir("./0" [pid 5076] <... mkdir resumed>) = 0 [pid 5075] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5080 attached [pid 5079] <... chdir resumed>) = 0 [pid 5078] <... chdir resumed>) = 0 [pid 5077] <... chdir resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5075] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5080] set_robust_list(0x5555560e25e0, 24 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5076] <... openat resumed>) = 3 [pid 5075] close(3 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] <... prctl resumed>) = 0 [pid 5078] <... prctl resumed>) = 0 [pid 5077] <... prctl resumed>) = 0 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5075] <... close resumed>) = 0 [pid 5080] chdir("./0" [pid 5079] setpgid(0, 0 [pid 5078] setpgid(0, 0 [pid 5077] setpgid(0, 0 [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] <... chdir resumed>) = 0 [pid 5079] <... setpgid resumed>) = 0 [pid 5078] <... setpgid resumed>) = 0 [pid 5077] <... setpgid resumed>) = 0 [pid 5076] close(3 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5076] <... close resumed>) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5081 [pid 5080] <... prctl resumed>) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] setpgid(0, 0 [pid 5079] write(3, "1000", 4 [pid 5078] <... openat resumed>) = 3 [pid 5077] <... openat resumed>) = 3 [pid 5080] <... setpgid resumed>) = 0 [pid 5079] <... write resumed>) = 4 [pid 5078] write(3, "1000", 4 [pid 5077] write(3, "1000", 4 [pid 5076] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5082 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] close(3 [pid 5078] <... write resumed>) = 4 [pid 5077] <... write resumed>) = 4 [pid 5078] close(3 [pid 5077] close(3 [pid 5080] <... openat resumed>) = 3 [pid 5079] <... close resumed>) = 0 [pid 5080] write(3, "1000", 4 [pid 5079] symlink("/dev/binderfs", "./binderfs" [pid 5078] <... close resumed>) = 0 [pid 5077] <... close resumed>) = 0 [pid 5080] <... write resumed>) = 4 [pid 5079] <... symlink resumed>) = 0 [pid 5080] close(3 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] symlink("/dev/binderfs", "./binderfs" [pid 5077] symlink("/dev/binderfs", "./binderfs" [pid 5080] <... close resumed>) = 0 [pid 5079] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5082 attached [pid 5078] <... symlink resumed>) = 0 [pid 5082] set_robust_list(0x5555560e25e0, 24 [pid 5080] symlink("/dev/binderfs", "./binderfs" [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... symlink resumed>) = 0 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] chdir("./0" [pid 5080] <... symlink resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5082] <... chdir resumed>) = 0 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... mmap resumed>) = 0x7f1eae612000 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] <... futex resumed>) = 0 [pid 5079] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... mmap resumed>) = 0x7f1eae612000 [pid 5077] <... futex resumed>) = 0 [pid 5082] <... prctl resumed>) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5079] <... mprotect resumed>) = 0 [pid 5078] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] setpgid(0, 0 [pid 5079] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5078] <... mprotect resumed>) = 0 [pid 5082] <... setpgid resumed>) = 0 [pid 5077] <... mmap resumed>) = 0x7f1eae612000 [pid 5078] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] <... mmap resumed>) = 0x7f1eae612000 [pid 5077] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... openat resumed>) = 3 [pid 5080] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5079] <... clone resumed>, parent_tid=[5083], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5083 [pid 5077] <... mprotect resumed>) = 0 [pid 5082] write(3, "1000", 4 [pid 5080] <... mprotect resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... clone resumed>, parent_tid=[5084], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5084 [pid 5077] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5083 attached [pid 5082] <... write resumed>) = 4 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5081 attached [pid 5083] set_robust_list(0x7f1eae6329e0, 24 [pid 5082] close(3 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 0 [pid 5077] <... clone resumed>, parent_tid=[5085], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5085 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] set_robust_list(0x5555560e25e0, 24 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5085 attached [pid 5083] memfd_create("syzkaller", 0 [pid 5082] symlink("/dev/binderfs", "./binderfs" [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] <... clone resumed>, parent_tid=[5086], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5086 [pid 5077] <... futex resumed>) = 0 [pid 5085] set_robust_list(0x7f1eae6329e0, 24 [pid 5082] <... symlink resumed>) = 0 [pid 5081] chdir("./0" [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... set_robust_list resumed>) = 0 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... chdir resumed>) = 0 [pid 5080] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5086 attached ./strace-static-x86_64: Process 5084 attached [pid 5085] memfd_create("syzkaller", 0 [pid 5082] <... futex resumed>) = 0 [pid 5085] <... memfd_create resumed>) = 3 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] set_robust_list(0x7f1eae6329e0, 24 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] set_robust_list(0x7f1eae6329e0, 24 [pid 5082] <... mmap resumed>) = 0x7f1eae612000 [pid 5081] <... prctl resumed>) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] <... mmap resumed>) = 0x7f1ea6212000 [pid 5082] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5086] memfd_create("syzkaller", 0 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5082] <... mprotect resumed>) = 0 [pid 5081] setpgid(0, 0 [pid 5082] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... memfd_create resumed>) = 3 [pid 5084] memfd_create("syzkaller", 0 [pid 5081] <... setpgid resumed>) = 0 [pid 5082] <... clone resumed>, parent_tid=[5088], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5088 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] <... memfd_create resumed>) = 3 [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f1eae6329e0, 24 [pid 5086] <... mmap resumed>) = 0x7f1ea6212000 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] <... openat resumed>) = 3 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5083] <... memfd_create resumed>) = 3 [pid 5088] memfd_create("syzkaller", 0 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] <... memfd_create resumed>) = 3 [pid 5083] <... mmap resumed>) = 0x7f1ea6212000 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... mmap resumed>) = 0x7f1ea6212000 [pid 5081] write(3, "1000", 4 [pid 5088] <... mmap resumed>) = 0x7f1ea6212000 syzkaller login: [ 60.201505][ T5083] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5083 'syz-executor333' [pid 5081] <... write resumed>) = 4 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [pid 5081] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] <... write resumed>) = 1048576 [pid 5081] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5089], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5089 [pid 5085] munmap(0x7f1ea6212000, 1048576 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... munmap resumed>) = 0 [pid 5081] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5089 attached [pid 5085] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5089] set_robust_list(0x7f1eae6329e0, 24 [pid 5085] <... openat resumed>) = 4 [pid 5086] <... write resumed>) = 1048576 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5086] munmap(0x7f1ea6212000, 1048576 [pid 5085] <... ioctl resumed>) = 0 [pid 5084] <... write resumed>) = 1048576 [pid 5089] memfd_create("syzkaller", 0 [pid 5086] <... munmap resumed>) = 0 [pid 5084] munmap(0x7f1ea6212000, 1048576 [pid 5089] <... memfd_create resumed>) = 3 [pid 5084] <... munmap resumed>) = 0 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5089] <... mmap resumed>) = 0x7f1ea6212000 [pid 5086] <... openat resumed>) = 4 [pid 5084] <... openat resumed>) = 4 [pid 5083] <... write resumed>) = 1048576 [pid 5088] <... write resumed>) = 1048576 [pid 5088] munmap(0x7f1ea6212000, 1048576 [pid 5083] munmap(0x7f1ea6212000, 1048576) = 0 [pid 5088] <... munmap resumed>) = 0 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5088] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] ioctl(4, LOOP_SET_FD, 3 [pid 5088] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5085] close(3 [pid 5083] <... openat resumed>) = 4 [pid 5085] <... close resumed>) = 0 [pid 5083] ioctl(4, LOOP_SET_FD, 3 [pid 5085] mkdir("./bus", 0777) = 0 [pid 5085] mount("/dev/loop2", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5084] <... ioctl resumed>) = 0 [ 60.295973][ T5085] loop2: detected capacity change from 0 to 2048 [ 60.319755][ T5084] loop1: detected capacity change from 0 to 2048 [ 60.320489][ T5088] loop5: detected capacity change from 0 to 2048 [ 60.327374][ T5086] loop0: detected capacity change from 0 to 2048 [ 60.333755][ T5083] loop3: detected capacity change from 0 to 2048 [pid 5084] close(3 [pid 5089] <... write resumed>) = 1048576 [pid 5086] <... ioctl resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5089] munmap(0x7f1ea6212000, 1048576 [pid 5086] close(3 [pid 5084] mkdir("./bus", 0777 [pid 5086] <... close resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5086] mkdir("./bus", 0777 [pid 5088] <... ioctl resumed>) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./bus", 0777 [pid 5089] <... munmap resumed>) = 0 [pid 5088] <... mkdir resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5084] mount("/dev/loop1", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5088] mount("/dev/loop5", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5089] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5086] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5089] <... openat resumed>) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./bus", 0777 [pid 5083] <... ioctl resumed>) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./bus", 0777 [pid 5089] <... mkdir resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5083] mount("/dev/loop3", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [ 60.356652][ T5087] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 60.391160][ T5089] loop4: detected capacity change from 0 to 2048 [ 60.395350][ T5087] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 60.423965][ T5087] Buffer I/O error on dev loop3, logical block 0, async page read [ 60.434071][ T5085] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 60.442073][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 60.447519][ T5088] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5089] mount("/dev/loop4", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5085] <... mount resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./bus") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [ 60.470072][ T5085] ext4 filesystem being mounted at /root/syzkaller.l97uKM/0/bus supports timestamps until 2038 (0x7fffffff) [ 60.472473][ T5084] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 60.482609][ T5088] ext4 filesystem being mounted at /root/syzkaller.37SiAZ/0/bus supports timestamps until 2038 (0x7fffffff) [pid 5085] chdir("./file0" [pid 5088] <... mount resumed>) = 0 [pid 5085] <... chdir resumed>) = 0 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5085] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5089] <... mount resumed>) = 0 [pid 5088] <... openat resumed>) = 3 [pid 5089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5088] chdir("./bus" [pid 5085] <... open resumed>) = 4 [ 60.537610][ T5089] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 60.550527][ T5089] ext4 filesystem being mounted at /root/syzkaller.9Bvr2W/0/bus supports timestamps until 2038 (0x7fffffff) [ 60.565153][ T5084] ext4 filesystem being mounted at /root/syzkaller.150DvK/0/bus supports timestamps until 2038 (0x7fffffff) [pid 5089] <... openat resumed>) = 3 [pid 5088] <... chdir resumed>) = 0 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5089] chdir("./bus" [pid 5088] ioctl(4, LOOP_CLR_FD [pid 5089] <... chdir resumed>) = 0 [pid 5088] <... ioctl resumed>) = 0 [pid 5089] ioctl(4, LOOP_CLR_FD [pid 5088] close(4 [pid 5089] <... ioctl resumed>) = 0 [pid 5088] <... close resumed>) = 0 [pid 5085] <... write resumed>) = 262144 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./bus") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5086] chdir("./file0" [pid 5089] close(4 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... chdir resumed>) = 0 [pid 5089] <... close resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5086] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5081] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] chdir("./file0" [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... chdir resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5088] chdir("./file0" [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... open resumed>) = 4 [pid 5089] <... futex resumed>) = 1 [pid 5088] <... chdir resumed>) = 0 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5088] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... mount resumed>) = 0 [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5088] <... open resumed>) = 4 [pid 5080] <... futex resumed>) = 0 [pid 5086] <... open resumed>) = 5 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... open resumed>) = 4 [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [ 60.569996][ T5086] ext4 filesystem being mounted at /root/syzkaller.zzCyOE/0/bus supports timestamps until 2038 (0x7fffffff) [ 60.577509][ T27] audit: type=1800 audit(1679291859.179:2): pid=5085 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 60.625155][ T5083] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5089] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5086] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5082] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... openat resumed>) = 6 [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5088] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5086] <... futex resumed>) = 0 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... mount resumed>) = 0 [pid 5086] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... mount resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5088] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... open resumed>) = 5 [pid 5088] <... open resumed>) = 5 [pid 5082] <... futex resumed>) = 0 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5089] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5088] <... openat resumed>) = 6 [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... openat resumed>) = 6 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5088] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5082] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... mount resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5080] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... openat resumed>) = 3 [pid 5080] <... mmap resumed>) = 0x7f1ea62f1000 [pid 5080] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE [pid 5084] chdir("./bus" [pid 5080] <... mprotect resumed>) = 0 [pid 5080] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5106 attached , parent_tid=[5106], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5106 [pid 5080] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... chdir resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] set_robust_list(0x7f1ea63119e0, 24 [pid 5084] ioctl(4, LOOP_CLR_FD [pid 5106] <... set_robust_list resumed>) = 0 [pid 5106] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... ioctl resumed>) = 0 [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] close(4 [pid 5082] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] <... close resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... write resumed>) = 262144 [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5082] <... mmap resumed>) = 0x7f1ea62f1000 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] <... futex resumed>) = 0 [pid 5089] <... write resumed>) = 262144 [pid 5088] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... write resumed>) = 1048576 [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5082] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5107], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5107 [pid 5082] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5081] <... mmap resumed>) = 0x7f1ea62f1000 [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5085] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = 0 [pid 5088] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5084] chdir("./file0" [pid 5081] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... futex resumed>) = 0 [pid 5107] set_robust_list(0x7f1ea63119e0, 24 [pid 5089] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... chdir resumed>) = 0 [pid 5080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] exit_group(0 [pid 5107] <... set_robust_list resumed>) = 0 [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mprotect resumed>) = 0 [pid 5077] <... exit_group resumed>) = ? [ 60.730384][ T5083] ext4 filesystem being mounted at /root/syzkaller.nPbvLT/0/bus supports timestamps until 2038 (0x7fffffff) [ 60.764065][ T5086] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #19: block 242: comm syz-executor333: lblock 50 mapped to illegal pblock 242 (length 1) [pid 5107] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = 0 [pid 5081] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5081] <... clone resumed>, parent_tid=[5108], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5108 [pid 5078] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... open resumed>) = 4 [pid 5083] <... mount resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5073] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5108 attached [pid 5084] <... futex resumed>) = 1 [pid 5083] <... openat resumed>) = 3 [pid 5078] <... futex resumed>) = 0 [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 3 [pid 5108] set_robust_list(0x7f1ea63119e0, 24 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] chdir("./bus" [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] <... futex resumed>) = 0 [pid 5073] fstat(3, [pid 5108] <... set_robust_list resumed>) = 0 [pid 5084] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5083] <... chdir resumed>) = 0 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] <... mount resumed>) = 0 [pid 5083] ioctl(4, LOOP_CLR_FD [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... ioctl resumed>) = 0 [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] close(4) = 0 [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5073] getdents64(3, [pid 5084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5084] <... open resumed>) = 5 [pid 5083] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5073] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] chdir("./file0" [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 [pid 5083] <... chdir resumed>) = 0 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 60.829053][ T27] audit: type=1800 audit(1679291859.259:3): pid=5086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 60.861529][ T5086] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm syz-executor333: Invalid inode table block 0 in block_group 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] lstat("./0/binderfs", [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 6 [pid 5073] unlink("./0/binderfs" [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... unlink resumed>) = 0 [pid 5106] <... write resumed>) = 1048576 [pid 5084] <... futex resumed>) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5106] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... open resumed>) = 4 [pid 5073] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5106] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] <... futex resumed>) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... write resumed>) = 262144 [pid 5083] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5079] <... futex resumed>) = 0 [ 60.938806][ T27] audit: type=1800 audit(1679291859.279:4): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop5" ino=18 res=0 errno=0 [ 60.954738][ T41] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [pid 5083] <... mount resumed>) = 0 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5107] <... write resumed>) = 1048576 [pid 5084] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... open resumed>) = 5 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5107] <... futex resumed>) = 0 [pid 5084] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5107] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] exit_group(0 [pid 5107] <... futex resumed>) = ? [pid 5082] <... exit_group resumed>) = ? [pid 5107] +++ exited with 0 +++ [ 60.965818][ T27] audit: type=1800 audit(1679291859.279:5): pid=5089 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 61.001779][ T41] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 61.011239][ T27] audit: type=1800 audit(1679291859.429:6): pid=5084 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop1" ino=18 res=0 errno=0 [pid 5083] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5079] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = ? [pid 5083] <... openat resumed>) = 6 [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... mmap resumed>) = 0x7f1ea62f1000 [pid 5078] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5109 [pid 5078] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] +++ exited with 0 +++ [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] +++ exited with 0 +++ [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5083] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5079] <... futex resumed>) = 0 [ 61.017178][ T41] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.035215][ T5086] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.046133][ T27] audit: type=1800 audit(1679291859.539:7): pid=5083 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 61.066376][ T41] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #19: comm kworker/u4:2: mark_inode_dirty error [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5076] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5108] <... write resumed>) = 1048576 [pid 5108] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/binderfs", [pid 5108] <... futex resumed>) = 0 [pid 5076] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5108] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] unlink("./0/binderfs" [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5076] <... unlink resumed>) = 0 [pid 5076] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] exit_group(0 [pid 5108] <... futex resumed>) = ? [pid 5089] <... futex resumed>) = ? [pid 5081] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ ./strace-static-x86_64: Process 5109 attached [pid 5083] <... write resumed>) = 262144 [ 61.089994][ T5086] EXT4-fs error (device loop0): ext4_ext_truncate:4400: inode #19: comm syz-executor333: mark_inode_dirty error [ 61.116301][ T5086] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm syz-executor333: Invalid inode table block 0 in block_group 0 [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5109] set_robust_list(0x7f1ea63119e0, 24 [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5109] <... set_robust_list resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5079] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5109] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5079] <... futex resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5079] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5075] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5075] unlink("./0/binderfs") = 0 [ 61.121982][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 61.143578][ T41] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 61.162288][ T5086] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.180420][ T41] EXT4-fs (loop2): This should not happen!! Data will be lost [ 61.180420][ T41] [ 61.190248][ T1157] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 61.201429][ T41] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 61.216865][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5075] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... write resumed>) = 204800 [pid 5086] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] exit_group(0 [pid 5106] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ [ 61.229750][ T5086] EXT4-fs error (device loop0): ext4_truncate:4365: inode #19: comm syz-executor333: mark_inode_dirty error [ 61.245206][ T46] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.246782][ T1157] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 61.261660][ T5073] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5083] <... write resumed>) = 1048576 [pid 5083] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... futex resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5071] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5071] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5071] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5071] unlink("./0/binderfs") = 0 [pid 5071] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5109] <... write resumed>) = 1048576 [pid 5079] exit_group(0 [pid 5109] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = ? [pid 5079] <... exit_group resumed>) = ? [pid 5109] <... futex resumed>) = 0 [pid 5083] +++ exited with 0 +++ [ 61.284584][ T1157] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.296526][ T46] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #19: comm kworker/u4:3: mark_inode_dirty error [ 61.315524][ T1157] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #19: comm kworker/u4:5: mark_inode_dirty error [ 61.328377][ T46] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [pid 5109] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] +++ exited with 0 +++ [ 61.345825][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 61.347989][ T46] EXT4-fs (loop5): This should not happen!! Data will be lost [ 61.347989][ T46] [ 61.371471][ T1157] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [pid 5078] exit_group(0) = ? [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5109] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5072] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5072] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./0/binderfs") = 0 [pid 5072] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.375857][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 61.397814][ T56] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 61.410911][ T1157] EXT4-fs (loop4): This should not happen!! Data will be lost [ 61.410911][ T1157] [ 61.421345][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 61.423433][ T5076] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5074] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5073] <... umount2 resumed>) = 0 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5074] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./0/binderfs") = 0 [ 61.445351][ T56] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 61.470637][ T1157] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 61.484961][ T56] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5074] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 61.485018][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.504810][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 61.524099][ T56] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #19: comm kworker/u4:4: mark_inode_dirty error [pid 5073] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5076] <... umount2 resumed>) = 0 [pid 5076] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5076] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] getdents64(4, 0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5076] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5076] close(4) = 0 [pid 5076] rmdir("./0/bus") = 0 [pid 5073] <... openat resumed>) = 4 [pid 5073] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 61.545180][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 50 with error 117 [ 61.546319][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.557933][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 61.557933][ T9] [ 61.573782][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5076] getdents64(3, [pid 5073] getdents64(4, [pid 5076] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5076] close(3) = 0 [pid 5076] rmdir("./0") = 0 [pid 5076] mkdir("./1", 0777) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5076] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5076] close(3) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e25d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x5555560e25e0, 24) = 0 [pid 5113] chdir("./1") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [pid 5113] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5114], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5114 [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x7f1eae6329e0, 24) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1ea6212000 [pid 5073] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [ 61.594263][ T5071] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.613460][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 61.623137][ T56] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5073] close(4) = 0 [pid 5073] rmdir("./0/bus") = 0 [pid 5073] getdents64(3, 0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./0" [pid 5114] <... write resumed>) = 1048576 [pid 5073] <... rmdir resumed>) = 0 [ 61.638771][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #19: comm kworker/u4:1: mark_inode_dirty error [ 61.652588][ T56] EXT4-fs (loop1): This should not happen!! Data will be lost [ 61.652588][ T56] [ 61.666131][ T56] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 61.680881][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [pid 5073] mkdir("./1", 0777) = 0 [pid 5071] <... umount2 resumed>) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5071] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... openat resumed>) = 3 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] lstat("./0/bus", [pid 5073] close(3 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] <... close resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e25d0) = 5115 [pid 5075] <... umount2 resumed>) = 0 [pid 5071] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5114] munmap(0x7f1ea6212000, 1048576 [pid 5071] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5071] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5115 attached [pid 5114] <... munmap resumed>) = 0 [pid 5075] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] getdents64(4, [pid 5115] set_robust_list(0x5555560e25e0, 24 [pid 5114] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5071] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5114] <... openat resumed>) = 4 [ 61.695127][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 61.695127][ T11] [ 61.715530][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5071] getdents64(4, [pid 5115] chdir("./1" [pid 5114] ioctl(4, LOOP_SET_FD, 3 [pid 5071] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5115] <... chdir resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] close(4 [pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] lstat("./0/bus", [pid 5071] <... close resumed>) = 0 [pid 5115] <... prctl resumed>) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] rmdir("./0/bus" [pid 5115] setpgid(0, 0 [pid 5075] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... rmdir resumed>) = 0 [pid 5115] <... setpgid resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] getdents64(3, [pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5115] <... openat resumed>) = 3 [pid 5075] <... openat resumed>) = 4 [pid 5071] close(3 [pid 5115] write(3, "1000", 4 [pid 5075] fstat(4, [pid 5071] <... close resumed>) = 0 [pid 5115] <... write resumed>) = 4 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] rmdir("./0" [pid 5115] close(3 [pid 5075] getdents64(4, [pid 5071] <... rmdir resumed>) = 0 [pid 5115] <... close resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5071] mkdir("./1", 0777 [pid 5115] symlink("/dev/binderfs", "./binderfs" [pid 5075] getdents64(4, [pid 5071] <... mkdir resumed>) = 0 [pid 5115] <... symlink resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] close(4 [pid 5071] <... openat resumed>) = 3 [pid 5115] <... futex resumed>) = 0 [pid 5114] <... ioctl resumed>) = 0 [pid 5075] <... close resumed>) = 0 [pid 5072] <... umount2 resumed>) = 0 [pid 5114] close(3 [pid 5072] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5114] <... close resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5114] mkdir("./bus", 0777 [pid 5072] lstat("./0/bus", [pid 5114] <... mkdir resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5114] mount("/dev/loop5", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5072] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./0/bus" [pid 5115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] rmdir("./0/bus" [pid 5072] <... rmdir resumed>) = 0 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5115] <... mmap resumed>) = 0x7f1eae612000 [pid 5075] <... rmdir resumed>) = 0 [pid 5072] getdents64(3, [pid 5115] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5075] getdents64(3, [pid 5072] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5115] <... mprotect resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5072] close(3 [pid 5071] close(3 [pid 5115] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5075] close(3 [pid 5072] <... close resumed>) = 0 [pid 5075] <... close resumed>) = 0 [pid 5072] rmdir("./0" [pid 5071] <... close resumed>) = 0 [pid 5115] <... clone resumed>, parent_tid=[5116], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5116 [pid 5075] rmdir("./0" [pid 5072] <... rmdir resumed>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... rmdir resumed>) = 0 [pid 5072] mkdir("./1", 0777 [pid 5115] <... futex resumed>) = 0 [pid 5075] mkdir("./1", 0777 [pid 5072] <... mkdir resumed>) = 0 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5075] <... mkdir resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5071] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5117 ./strace-static-x86_64: Process 5116 attached [pid 5075] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5072] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5117 attached [pid 5116] set_robust_list(0x7f1eae6329e0, 24 [pid 5075] <... openat resumed>) = 3 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5117] set_robust_list(0x5555560e25e0, 24 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5075] ioctl(3, LOOP_CLR_FD [pid 5072] close(3 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] memfd_create("syzkaller", 0 [pid 5075] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... close resumed>) = 0 [pid 5117] chdir("./1" [pid 5116] <... memfd_create resumed>) = 3 [pid 5075] close(3 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5117] <... chdir resumed>) = 0 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5075] <... close resumed>) = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5116] <... mmap resumed>) = 0x7f1ea6212000 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5120 [pid 5117] <... prctl resumed>) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4 [pid 5075] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5121 ./strace-static-x86_64: Process 5120 attached [pid 5117] <... write resumed>) = 4 [pid 5120] set_robust_list(0x5555560e25e0, 24 [pid 5117] close(3 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5117] <... close resumed>) = 0 [pid 5120] chdir("./1" [pid 5117] symlink("/dev/binderfs", "./binderfs" [pid 5120] <... chdir resumed>) = 0 [pid 5117] <... symlink resumed>) = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... prctl resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [ 61.735215][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 61.742844][ T5114] loop5: detected capacity change from 0 to 2048 [ 61.780703][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. ./strace-static-x86_64: Process 5121 attached [pid 5120] setpgid(0, 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5120] <... setpgid resumed>) = 0 [pid 5117] <... mmap resumed>) = 0x7f1eae612000 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5117] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5120] <... openat resumed>) = 3 [pid 5117] <... mprotect resumed>) = 0 [pid 5120] write(3, "1000", 4 [pid 5117] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5121] set_robust_list(0x5555560e25e0, 24 [pid 5120] <... write resumed>) = 4 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] close(3 [pid 5117] <... clone resumed>, parent_tid=[5122], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5122 [pid 5121] chdir("./1" [pid 5120] <... close resumed>) = 0 [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... chdir resumed>) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs" [pid 5117] <... futex resumed>) = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5120] <... symlink resumed>) = 0 [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... prctl resumed>) = 0 [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] setpgid(0, 0 [pid 5120] <... futex resumed>) = 0 [pid 5121] <... setpgid resumed>) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5120] <... mmap resumed>) = 0x7f1eae612000 [pid 5121] <... openat resumed>) = 3 [pid 5120] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5122 attached [pid 5121] write(3, "1000", 4 [pid 5120] <... mprotect resumed>) = 0 [pid 5122] set_robust_list(0x7f1eae6329e0, 24 [pid 5121] <... write resumed>) = 4 [pid 5120] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] close(3 [pid 5122] memfd_create("syzkaller", 0 [pid 5121] <... close resumed>) = 0 [pid 5120] <... clone resumed>, parent_tid=[5123], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5123 [pid 5122] <... memfd_create resumed>) = 3 [pid 5121] symlink("/dev/binderfs", "./binderfs" [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5121] <... symlink resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5116] <... write resumed>) = 1048576 [pid 5074] <... umount2 resumed>) = 0 [pid 5122] <... mmap resumed>) = 0x7f1ea6212000 [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5116] munmap(0x7f1ea6212000, 1048576 [pid 5074] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7f1eae6329e0, 24) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5123] <... memfd_create resumed>) = 3 [pid 5121] <... mmap resumed>) = 0x7f1eae612000 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5121] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5123] <... mmap resumed>) = 0x7f1ea6212000 [pid 5121] <... mprotect resumed>) = 0 [pid 5116] <... munmap resumed>) = 0 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5121] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5074] lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5121] <... clone resumed>, parent_tid=[5124], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5124 [pid 5116] <... openat resumed>) = 4 [ 61.829294][ T5114] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 61.865761][ T5114] ext4 filesystem being mounted at /root/syzkaller.37SiAZ/1/bus supports timestamps until 2038 (0x7fffffff) [pid 5074] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] ioctl(4, LOOP_SET_FD, 3 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5121] <... futex resumed>) = 0 [pid 5074] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5074] <... openat resumed>) = 4 [pid 5074] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(4, 0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5074] close(4) = 0 [pid 5074] rmdir("./0/bus") = 0 [pid 5074] getdents64(3, [pid 5114] <... mount resumed>) = 0 [pid 5074] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [pid 5114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5074] <... close resumed>) = 0 [pid 5074] rmdir("./0" [pid 5114] <... openat resumed>) = 3 [pid 5074] <... rmdir resumed>) = 0 [pid 5114] chdir("./bus" [pid 5074] mkdir("./1", 0777 [pid 5114] <... chdir resumed>) = 0 [pid 5116] <... ioctl resumed>) = 0 [pid 5114] ioctl(4, LOOP_CLR_FD [pid 5116] close(3 [pid 5114] <... ioctl resumed>) = 0 [pid 5116] <... close resumed>) = 0 [pid 5114] close(4 [pid 5074] <... mkdir resumed>) = 0 [pid 5116] mkdir("./bus", 0777 [pid 5114] <... close resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5116] <... mkdir resumed>) = 0 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... openat resumed>) = 3 [pid 5116] mount("/dev/loop2", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5074] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5124 attached [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5124] set_robust_list(0x7f1eae6329e0, 24 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5074] close(3 [pid 5124] <... set_robust_list resumed>) = 0 [pid 5114] chdir("./file0" [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... close resumed>) = 0 [pid 5124] memfd_create("syzkaller", 0 [pid 5123] <... write resumed>) = 1048576 [pid 5114] <... chdir resumed>) = 0 [pid 5124] <... memfd_create resumed>) = 3 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5123] munmap(0x7f1ea6212000, 1048576 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5123] <... munmap resumed>) = 0 [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.894982][ T5116] loop2: detected capacity change from 0 to 2048 [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... mmap resumed>) = 0x7f1ea6212000 [pid 5123] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5074] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5126 [pid 5123] <... openat resumed>) = 4 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] ioctl(4, LOOP_SET_FD, 3 [pid 5114] <... open resumed>) = 4 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5122] <... write resumed>) = 1048576 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5126 attached [pid 5122] munmap(0x7f1ea6212000, 1048576 [pid 5114] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] set_robust_list(0x5555560e25e0, 24 [pid 5114] <... mount resumed>) = 0 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] chdir("./1" [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5126] <... chdir resumed>) = 0 [pid 5114] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... munmap resumed>) = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5124] <... write resumed>) = 1048576 [pid 5114] <... open resumed>) = 5 [pid 5126] <... prctl resumed>) = 0 [pid 5124] munmap(0x7f1ea6212000, 1048576 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] setpgid(0, 0 [pid 5124] <... munmap resumed>) = 0 [pid 5122] <... openat resumed>) = 4 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.934123][ T27] audit: type=1800 audit(1679291860.549:8): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop5" ino=18 res=0 errno=0 [ 61.935013][ T5123] loop1: detected capacity change from 0 to 2048 [ 61.965077][ T5116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... setpgid resumed>) = 0 [pid 5124] <... openat resumed>) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5124] ioctl(4, LOOP_SET_FD, 3 [pid 5114] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 3 [pid 5114] <... openat resumed>) = 6 [pid 5126] write(3, "1000", 4 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... write resumed>) = 4 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5126] close(3 [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... close resumed>) = 0 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5113] <... futex resumed>) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs" [pid 5114] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... symlink resumed>) = 0 [pid 5114] <... write resumed>) = 262144 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... ioctl resumed>) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [pid 5126] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5123] <... ioctl resumed>) = 0 [pid 5126] <... mprotect resumed>) = 0 [pid 5123] close(3 [pid 5126] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5123] <... close resumed>) = 0 [pid 5126] <... clone resumed>, parent_tid=[5128], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5128 [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] mkdir("./bus", 0777 [pid 5122] close(3) = 0 [pid 5122] mkdir("./bus", 0777) = 0 [pid 5123] <... mkdir resumed>) = 0 [ 61.992150][ T5122] loop0: detected capacity change from 0 to 2048 [ 61.993669][ T5124] loop4: detected capacity change from 0 to 2048 [ 62.010201][ T5116] ext4 filesystem being mounted at /root/syzkaller.l97uKM/1/bus supports timestamps until 2038 (0x7fffffff) [pid 5123] mount("/dev/loop1", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 5128 attached [pid 5122] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5128] set_robust_list(0x7f1eae6329e0, 24 [pid 5124] <... ioctl resumed>) = 0 [pid 5116] <... mount resumed>) = 0 [pid 5124] close(3 [pid 5116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5128] <... set_robust_list resumed>) = 0 [pid 5124] <... close resumed>) = 0 [pid 5116] <... openat resumed>) = 3 [pid 5128] memfd_create("syzkaller", 0 [pid 5124] mkdir("./bus", 0777 [pid 5116] chdir("./bus" [pid 5128] <... memfd_create resumed>) = 3 [pid 5124] <... mkdir resumed>) = 0 [pid 5116] <... chdir resumed>) = 0 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5124] mount("/dev/loop4", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5116] ioctl(4, LOOP_CLR_FD [pid 5113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 62.040601][ T5091] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5128] <... mmap resumed>) = 0x7f1ea6212000 [pid 5114] <... write resumed>) = 1048576 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5116] <... ioctl resumed>) = 0 [pid 5114] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] close(4 [pid 5114] <... futex resumed>) = 0 [pid 5116] <... close resumed>) = 0 [pid 5114] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] exit_group(0 [pid 5116] <... futex resumed>) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 62.113937][ T5128] loop3: detected capacity change from 0 to 2048 [ 62.122215][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 62.135524][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] +++ exited with 0 +++ [pid 5128] <... write resumed>) = 1048576 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] <... futex resumed>) = 0 [pid 5113] +++ exited with 0 +++ [pid 5128] munmap(0x7f1ea6212000, 1048576 [pid 5116] chdir("./file0" [pid 5128] <... munmap resumed>) = 0 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5128] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5076] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5128] <... openat resumed>) = 4 [pid 5116] <... chdir resumed>) = 0 [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5128] ioctl(4, LOOP_SET_FD, 3 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5128] <... ioctl resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5115] <... futex resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] fstat(3, [pid 5128] close(3 [pid 5076] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5128] <... close resumed>) = 0 [pid 5076] getdents64(3, [pid 5128] mkdir("./bus", 0777 [pid 5076] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5128] <... mkdir resumed>) = 0 [pid 5076] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5076] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5128] mount("/dev/loop3", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5076] unlink("./1/binderfs") = 0 [pid 5076] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [ 62.151587][ T27] audit: type=1800 audit(1679291860.759:9): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 62.152930][ T5123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 62.176041][ T5124] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 62.184375][ T5122] ext4 filesystem being mounted at /root/syzkaller.zzCyOE/1/bus supports timestamps until 2038 (0x7fffffff) [pid 5124] <... mount resumed>) = 0 [pid 5123] <... mount resumed>) = 0 [pid 5122] <... mount resumed>) = 0 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5124] <... openat resumed>) = 3 [pid 5123] <... openat resumed>) = 3 [pid 5124] chdir("./bus" [pid 5123] chdir("./bus" [pid 5124] <... chdir resumed>) = 0 [pid 5123] <... chdir resumed>) = 0 [pid 5124] ioctl(4, LOOP_CLR_FD [pid 5123] ioctl(4, LOOP_CLR_FD [pid 5124] <... ioctl resumed>) = 0 [pid 5123] <... ioctl resumed>) = 0 [pid 5124] close(4 [pid 5123] close(4 [pid 5124] <... close resumed>) = 0 [pid 5123] <... close resumed>) = 0 [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] chdir("./file0" [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... chdir resumed>) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5115] <... futex resumed>) = 0 [pid 5124] chdir("./file0" [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... chdir resumed>) = 0 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5116] <... mount resumed>) = 0 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./bus") = 0 [pid 5122] ioctl(4, LOOP_CLR_FD) = 0 [pid 5122] close(4) = 0 [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5122] chdir("./file0" [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.195306][ T5124] ext4 filesystem being mounted at /root/syzkaller.9Bvr2W/1/bus supports timestamps until 2038 (0x7fffffff) [ 62.218612][ T5123] ext4 filesystem being mounted at /root/syzkaller.150DvK/1/bus supports timestamps until 2038 (0x7fffffff) [ 62.218826][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... open resumed>) = 4 [pid 5123] <... open resumed>) = 4 [pid 5122] <... chdir resumed>) = 0 [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 1 [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5123] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 0 [pid 5124] <... mount resumed>) = 0 [pid 5123] <... mount resumed>) = 0 [pid 5122] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... open resumed>) = 4 [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5123] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5122] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.255660][ T27] audit: type=1800 audit(1679291860.869:10): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 62.276412][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.290191][ T5128] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... open resumed>) = 5 [pid 5123] <... open resumed>) = 5 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5122] <... mount resumed>) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5116] <... open resumed>) = 5 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5123] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5122] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... openat resumed>) = 6 [pid 5123] <... openat resumed>) = 6 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5122] <... open resumed>) = 5 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5124] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5123] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5122] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... write resumed>) = 262144 [pid 5123] <... write resumed>) = 262144 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... openat resumed>) = 6 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 62.303897][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #19: comm kworker/u4:0: mark_inode_dirty error [ 62.316488][ T5128] ext4 filesystem being mounted at /root/syzkaller.nPbvLT/1/bus supports timestamps until 2038 (0x7fffffff) [ 62.331424][ T27] audit: type=1800 audit(1679291860.889:11): pid=5124 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor333" name="bus" dev="loop4" ino=18 res=0 errno=0 [pid 5116] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... openat resumed>) = 6 [pid 5122] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5122] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 1 [pid 5123] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5124] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5123] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... mount resumed>) = 0 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... write resumed>) = 262144 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... futex resumed>) = 1 [pid 5122] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5128] <... openat resumed>) = 3 [pid 5116] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [ 62.354323][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 62.367479][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 62.367479][ T9] [ 62.379559][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5116] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5128] chdir("./bus" [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] <... chdir resumed>) = 0 [pid 5121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5128] ioctl(4, LOOP_CLR_FD [pid 5121] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5128] <... ioctl resumed>) = 0 [pid 5128] close(4) = 0 [pid 5124] <... write resumed>) = 1048576 [pid 5120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5121] exit_group(0) = ? [pid 5128] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 62.410382][ T5076] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5124] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5128] chdir("./file0" [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5128] <... chdir resumed>) = 0 [pid 5116] <... write resumed>) = 262144 [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 0 [pid 5075] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5126] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5116] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5128] <... open resumed>) = 4 [pid 5076] <... umount2 resumed>) = 0 [pid 5075] <... openat resumed>) = 3 [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5075] fstat(3, [pid 5128] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5128] <... mount resumed>) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5075] getdents64(3, [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5122] <... write resumed>) = 1048576 [pid 5076] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5128] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] lstat("./1/binderfs", [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5117] exit_group(0 [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5128] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... exit_group resumed>) = ? [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5128] <... open resumed>) = 5 [pid 5122] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ [pid 5076] lstat("./1/bus", [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] unlink("./1/binderfs" [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5076] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5128] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... unlink resumed>) = 0 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5115] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5128] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5128] <... openat resumed>) = 6 [pid 5076] <... openat resumed>) = 4 [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] fstat(4, [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5076] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5128] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... write resumed>) = 1048576 [pid 5076] getdents64(4, [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5116] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5071] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5128] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... futex resumed>) = 0 [pid 5115] exit_group(0 [pid 5076] getdents64(4, [pid 5071] <... openat resumed>) = 3 [pid 5115] <... exit_group resumed>) = ? [pid 5076] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5071] fstat(3, [pid 5116] +++ exited with 0 +++ [pid 5115] +++ exited with 0 +++ [pid 5076] close(4 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5128] <... write resumed>) = 262144 [pid 5076] <... close resumed>) = 0 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5071] getdents64(3, [pid 5076] rmdir("./1/bus" [pid 5073] restart_syscall(<... resuming interrupted clone ...> [pid 5071] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5076] <... rmdir resumed>) = 0 [pid 5073] <... restart_syscall resumed>) = 0 [pid 5071] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] getdents64(3, [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5071] lstat("./1/binderfs", [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] close(3 [pid 5073] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5076] <... close resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] unlink("./1/binderfs" [pid 5128] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5126] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] rmdir("./1" [pid 5073] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... unlink resumed>) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5123] <... write resumed>) = 1048576 [pid 5076] <... rmdir resumed>) = 0 [ 62.545183][ T5111] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5073] <... openat resumed>) = 3 [pid 5071] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5126] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] exit_group(0 [pid 5076] mkdir("./2", 0777 [pid 5073] fstat(3, [pid 5076] <... mkdir resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5073] getdents64(3, [pid 5076] <... openat resumed>) = 3 [pid 5073] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5076] ioctl(3, LOOP_CLR_FD [pid 5073] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] close(3 [pid 5073] lstat("./1/binderfs", [pid 5076] <... close resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] unlink("./1/binderfs" [pid 5123] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5073] <... unlink resumed>) = 0 [pid 5123] +++ exited with 0 +++ [pid 5076] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5138 [pid 5073] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5120] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- ./strace-static-x86_64: Process 5138 attached [pid 5072] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5138] set_robust_list(0x5555560e25e0, 24 [pid 5072] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5138] <... set_robust_list resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5138] chdir("./2" [pid 5072] fstat(3, [pid 5138] <... chdir resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] getdents64(3, [pid 5138] <... prctl resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5138] setpgid(0, 0 [pid 5072] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5138] <... setpgid resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] lstat("./1/binderfs", [pid 5138] <... openat resumed>) = 3 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5138] write(3, "1000", 4 [pid 5072] unlink("./1/binderfs" [pid 5138] <... write resumed>) = 4 [pid 5072] <... unlink resumed>) = 0 [pid 5138] close(3 [pid 5072] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5138] <... close resumed>) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [pid 5138] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5139], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5139 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.602630][ T5111] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 62.616605][ T56] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x7f1eae6329e0, 24) = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1ea6212000 [pid 5126] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 62.655999][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 62.671638][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 62.700828][ T5111] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.710632][ T56] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 62.724001][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 62.724445][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5139] munmap(0x7f1ea6212000, 1048576) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3 [pid 5128] <... write resumed>) = 1048576 [pid 5128] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] exit_group(0) = ? [pid 5128] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5074] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] getdents64(3, 0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5074] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5074] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] unlink("./1/binderfs") = 0 [pid 5074] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5139] <... ioctl resumed>) = 0 [pid 5139] close(3) = 0 [ 62.737245][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.761543][ T5111] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #19: comm kworker/u4:6: mark_inode_dirty error [ 62.774278][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #19: comm kworker/u4:0: mark_inode_dirty error [ 62.788744][ T5139] loop5: detected capacity change from 0 to 2048 [pid 5139] mkdir("./bus", 0777) = 0 [ 62.792925][ T1157] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 62.801246][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.817573][ T5111] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 62.820432][ T1157] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 62.830557][ T56] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.852205][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 62.856336][ T5111] EXT4-fs (loop4): This should not happen!! Data will be lost [ 62.856336][ T5111] [ 62.874433][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 62.874433][ T9] [ 62.876862][ T56] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #19: comm kworker/u4:4: mark_inode_dirty error [ 62.896458][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #19: comm kworker/u4:1: mark_inode_dirty error [ 62.898427][ T5111] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 62.909604][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 62.922096][ T56] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 62.933603][ T1157] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 62.950899][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.964672][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 62.966991][ T5139] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 62.977147][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 62.977147][ T11] [ 62.995276][ T56] EXT4-fs (loop0): This should not happen!! Data will be lost [ 62.995276][ T56] [ 63.000600][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 63.012136][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.020997][ T1157] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #19: comm kworker/u4:5: mark_inode_dirty error [ 63.021412][ T5139] ext4 filesystem being mounted at /root/syzkaller.37SiAZ/2/bus supports timestamps until 2038 (0x7fffffff) [pid 5139] mount("/dev/loop5", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5075] <... umount2 resumed>) = 0 [ 63.033782][ T5073] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.041592][ T1157] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 63.066633][ T56] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.074359][ T1157] EXT4-fs (loop3): This should not happen!! Data will be lost [ 63.074359][ T1157] [pid 5075] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5139] <... mount resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5075] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5139] <... openat resumed>) = 3 [pid 5075] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5139] chdir("./bus" [pid 5075] <... openat resumed>) = 4 [pid 5139] <... chdir resumed>) = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] fstat(4, [pid 5139] close(4 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5139] <... close resumed>) = 0 [pid 5075] getdents64(4, [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5139] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5075] close(4) = 0 [pid 5075] rmdir("./1/bus") = 0 [pid 5075] getdents64(3, 0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5075] rmdir("./1") = 0 [pid 5075] mkdir("./2", 0777 [pid 5138] <... futex resumed>) = 0 [pid 5075] <... mkdir resumed>) = 0 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] chdir("./file0") = 0 [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 4 [pid 5075] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... openat resumed>) = 3 [pid 5139] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... mount resumed>) = 0 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5075] close(3) = 0 [pid 5075] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 63.098721][ T1157] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 5 [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5139] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5143 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... umount2 resumed>) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5143 attached [pid 5139] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5138] <... futex resumed>) = 0 [pid 5143] set_robust_list(0x5555560e25e0, 24 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... umount2 resumed>) = 0 [pid 5143] <... set_robust_list resumed>) = 0 [pid 5143] chdir("./2") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] setpgid(0, 0) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5073] lstat("./1/bus", [pid 5143] <... openat resumed>) = 3 [pid 5143] write(3, "1000", 4 [pid 5072] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] <... write resumed>) = 4 [pid 5143] close(3 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5143] <... close resumed>) = 0 [pid 5072] lstat("./1/bus", [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... write resumed>) = 262144 [pid 5143] <... futex resumed>) = 0 [pid 5072] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] <... mmap resumed>) = 0x7f1eae612000 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5143] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5143] <... mprotect resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5143] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5072] <... openat resumed>) = 4 [pid 5072] fstat(4, [pid 5143] <... clone resumed>, parent_tid=[5144], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5144 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] getdents64(4, [pid 5143] <... futex resumed>) = 0 [pid 5072] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5072] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./1/bus") = 0 [pid 5072] getdents64(3, 0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./1") = 0 [pid 5072] mkdir("./2", 0777) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5072] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5072] close(3) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560e25d0) = 5145 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f1eae6329e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0 [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... memfd_create resumed>) = 3 [pid 5139] <... futex resumed>) = 1 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5139] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... mmap resumed>) = 0x7f1ea6212000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5139] <... futex resumed>) = 0 [pid 5138] <... futex resumed>) = 1 [pid 5139] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5138] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x5555560e25e0, 24) = 0 [pid 5145] chdir("./2") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [pid 5145] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] fstat(4, [pid 5145] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] getdents64(4, [pid 5145] <... clone resumed>, parent_tid=[5146], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5146 [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] getdents64(4, 0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5073] close(4) = 0 [pid 5073] rmdir("./1/bus" [pid 5144] <... write resumed>) = 1048576 [pid 5073] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x7f1eae6329e0, 24) = 0 [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1ea6212000 [pid 5073] getdents64(3, 0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5073] rmdir("./1") = 0 [pid 5073] mkdir("./2", 0777) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5073] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5073] close(3 [pid 5138] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] <... close resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5073] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5147 [ 63.196997][ T5071] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.219958][ T5074] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5144] munmap(0x7f1ea6212000, 1048576) = 0 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x5555560e25e0, 24 [pid 5144] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5147] <... set_robust_list resumed>) = 0 [pid 5144] <... openat resumed>) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3 [pid 5147] chdir("./2") = 0 [pid 5071] <... umount2 resumed>) = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] <... ioctl resumed>) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./bus", 0777 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5147] <... openat resumed>) = 3 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5147] write(3, "1000", 4) = 4 [pid 5071] lstat("./1/bus", [pid 5144] <... mkdir resumed>) = 0 [pid 5146] <... write resumed>) = 1048576 [pid 5146] munmap(0x7f1ea6212000, 1048576 [pid 5147] close(3 [pid 5146] <... munmap resumed>) = 0 [pid 5074] <... umount2 resumed>) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5147] <... close resumed>) = 0 [pid 5144] mount("/dev/loop4", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5071] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5147] symlink("/dev/binderfs", "./binderfs" [pid 5146] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5139] <... write resumed>) = 1048576 [pid 5147] <... symlink resumed>) = 0 [pid 5146] <... openat resumed>) = 4 [pid 5139] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] ioctl(4, LOOP_SET_FD, 3 [pid 5139] <... futex resumed>) = 0 [ 63.287497][ T5144] loop4: detected capacity change from 0 to 2048 [pid 5147] <... futex resumed>) = 0 [pid 5139] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] exit_group(0 [pid 5147] <... mmap resumed>) = 0x7f1eae612000 [pid 5146] <... ioctl resumed>) = 0 [pid 5138] <... exit_group resumed>) = ? [pid 5074] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... openat resumed>) = 4 [pid 5147] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5071] fstat(4, [pid 5139] <... futex resumed>) = ? [pid 5147] <... mprotect resumed>) = 0 [pid 5147] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5071] getdents64(4, [pid 5147] <... clone resumed>, parent_tid=[5148], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5148 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] lstat("./1/bus", [pid 5071] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5147] <... futex resumed>) = 0 [pid 5076] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] getdents64(4, [pid 5076] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] close(4 [pid 5076] fstat(3, [pid 5074] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5076] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5074] <... openat resumed>) = 4 [pid 5071] <... close resumed>) = 0 [pid 5076] getdents64(3, [pid 5074] fstat(4, [pid 5071] rmdir("./1/bus" [pid 5146] close(3 [pid 5076] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5148 attached [pid 5146] <... close resumed>) = 0 [pid 5076] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] getdents64(4, [pid 5071] <... rmdir resumed>) = 0 [pid 5148] set_robust_list(0x7f1eae6329e0, 24 [pid 5146] mkdir("./bus", 0777 [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5146] <... mkdir resumed>) = 0 [pid 5076] lstat("./2/binderfs", [pid 5074] getdents64(4, [pid 5071] getdents64(3, [pid 5146] mount("/dev/loop1", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5074] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5148] memfd_create("syzkaller", 0 [pid 5076] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5074] close(4 [pid 5071] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5148] <... memfd_create resumed>) = 3 [pid 5076] unlink("./2/binderfs" [pid 5074] <... close resumed>) = 0 [pid 5076] <... unlink resumed>) = 0 [pid 5074] rmdir("./1/bus" [pid 5071] close(3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5076] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... rmdir resumed>) = 0 [pid 5074] getdents64(3, [pid 5071] <... close resumed>) = 0 [pid 5148] <... mmap resumed>) = 0x7f1ea6212000 [pid 5074] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5074] close(3 [pid 5071] rmdir("./1" [pid 5074] <... close resumed>) = 0 [pid 5074] rmdir("./1") = 0 [pid 5074] mkdir("./2", 0777) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5074] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5074] close(3) = 0 [pid 5074] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5074] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5153 [pid 5071] <... rmdir resumed>) = 0 [ 63.342922][ T5146] loop1: detected capacity change from 0 to 2048 [ 63.379756][ T5144] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5071] mkdir("./2", 0777) = 0 [pid 5144] <... mount resumed>) = 0 [pid 5144] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./bus") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] chdir("./file0") = 0 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... openat resumed>) = 3 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5144] <... futex resumed>) = 1 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] close(3 [pid 5144] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5071] <... close resumed>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached [pid 5144] <... mount resumed>) = 0 [pid 5071] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5154 [pid 5154] set_robust_list(0x5555560e25e0, 24 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5153 attached [pid 5154] <... set_robust_list resumed>) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5154] chdir("./2" [pid 5153] set_robust_list(0x5555560e25e0, 24 [pid 5144] <... open resumed>) = 5 [pid 5154] <... chdir resumed>) = 0 [pid 5153] <... set_robust_list resumed>) = 0 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] chdir("./2" [pid 5144] <... futex resumed>) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] setpgid(0, 0 [pid 5153] <... chdir resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... setpgid resumed>) = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5144] <... openat resumed>) = 6 [ 63.403526][ T5144] ext4 filesystem being mounted at /root/syzkaller.9Bvr2W/2/bus supports timestamps until 2038 (0x7fffffff) [ 63.407001][ T56] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.436661][ T5146] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5153] <... prctl resumed>) = 0 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] setpgid(0, 0 [pid 5144] <... futex resumed>) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5153] <... setpgid resumed>) = 0 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... openat resumed>) = 3 [pid 5144] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5143] <... futex resumed>) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] write(3, "1000", 4 [pid 5153] <... openat resumed>) = 3 [pid 5144] <... write resumed>) = 262144 [pid 5148] <... write resumed>) = 1048576 [pid 5154] <... write resumed>) = 4 [pid 5153] write(3, "1000", 4 [pid 5148] munmap(0x7f1ea6212000, 1048576 [pid 5154] close(3 [pid 5153] <... write resumed>) = 4 [pid 5154] <... close resumed>) = 0 [pid 5153] close(3 [pid 5154] symlink("/dev/binderfs", "./binderfs" [pid 5153] <... close resumed>) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs" [pid 5154] <... symlink resumed>) = 0 [pid 5153] <... symlink resumed>) = 0 [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5153] <... mmap resumed>) = 0x7f1eae612000 [pid 5154] <... mmap resumed>) = 0x7f1eae612000 [pid 5154] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5153] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE [pid 5154] <... mprotect resumed>) = 0 [pid 5153] <... mprotect resumed>) = 0 [pid 5148] <... munmap resumed>) = 0 [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5153] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5148] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5144] <... futex resumed>) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5148] <... openat resumed>) = 4 [pid 5144] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5143] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] ioctl(4, LOOP_SET_FD, 3 [pid 5146] <... mount resumed>) = 0 [pid 5146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./bus") = 0 [pid 5146] ioctl(4, LOOP_CLR_FD) = 0 [pid 5146] close(4) = 0 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = 1 [pid 5146] chdir("./file0"./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x7f1eae6329e0, 24) = 0 [ 63.459895][ T5146] ext4 filesystem being mounted at /root/syzkaller.150DvK/2/bus supports timestamps until 2038 (0x7fffffff) [ 63.479054][ T56] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.503529][ T5148] loop2: detected capacity change from 0 to 2048 [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5156 attached [pid 5154] <... clone resumed>, parent_tid=[5155], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5155 [pid 5153] <... clone resumed>, parent_tid=[5156], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5156 [pid 5148] <... ioctl resumed>) = 0 [pid 5146] <... chdir resumed>) = 0 [pid 5156] set_robust_list(0x7f1eae6329e0, 24 [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] close(3 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... set_robust_list resumed>) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] <... close resumed>) = 0 [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] mkdir("./bus", 0777 [pid 5156] memfd_create("syzkaller", 0 [pid 5145] <... futex resumed>) = 0 [pid 5148] <... mkdir resumed>) = 0 [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... memfd_create resumed>) = 3 [pid 5148] mount("/dev/loop2", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] memfd_create("syzkaller", 0 [pid 5146] <... open resumed>) = 4 [pid 5156] <... mmap resumed>) = 0x7f1ea6212000 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5155] <... memfd_create resumed>) = 3 [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5155] <... mmap resumed>) = 0x7f1ea6212000 [pid 5146] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... mount resumed>) = 0 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5146] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... open resumed>) = 5 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5145] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5146] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... openat resumed>) = 6 [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 63.510228][ T56] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5146] <... futex resumed>) = 1 [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5145] <... futex resumed>) = 0 [pid 5145] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 1 [pid 5146] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5145] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... write resumed>) = 1048576 [ 63.549496][ T56] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #19: comm kworker/u4:4: mark_inode_dirty error [ 63.568369][ T56] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 63.584959][ T56] EXT4-fs (loop5): This should not happen!! Data will be lost [ 63.584959][ T56] [pid 5145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5145] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1ea62f1000 [pid 5145] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5145] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5159 [pid 5145] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5145] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5159 attached [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5155] munmap(0x7f1ea6212000, 1048576 [pid 5148] <... mount resumed>) = 0 [pid 5146] <... write resumed>) = 262144 [pid 5159] set_robust_list(0x7f1ea63119e0, 24 [pid 5155] <... munmap resumed>) = 0 [pid 5148] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5146] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5148] <... openat resumed>) = 3 [pid 5146] <... futex resumed>) = 0 [pid 5159] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5155] <... openat resumed>) = 4 [pid 5148] chdir("./bus" [pid 5146] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 63.600253][ T56] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.600269][ T5148] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 63.600358][ T5148] ext4 filesystem being mounted at /root/syzkaller.l97uKM/2/bus supports timestamps until 2038 (0x7fffffff) [ 63.649353][ T5076] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5155] ioctl(4, LOOP_SET_FD, 3 [pid 5148] <... chdir resumed>) = 0 [pid 5145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5148] ioctl(4, LOOP_CLR_FD) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5156] <... write resumed>) = 1048576 [pid 5148] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... ioctl resumed>) = 0 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5144] <... write resumed>) = 1048576 [pid 5156] munmap(0x7f1ea6212000, 1048576 [pid 5155] close(3 [pid 5148] chdir("./file0" [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... munmap resumed>) = 0 [pid 5155] <... close resumed>) = 0 [pid 5148] <... chdir resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5155] mkdir("./bus", 0777 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... openat resumed>) = 4 [pid 5155] <... mkdir resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5144] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] exit_group(0 [ 63.679397][ T5155] loop0: detected capacity change from 0 to 2048 [pid 5156] ioctl(4, LOOP_SET_FD, 3 [pid 5155] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5148] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... umount2 resumed>) = 0 [pid 5143] <... exit_group resumed>) = ? [pid 5076] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = ? [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] lstat("./2/bus", [pid 5144] +++ exited with 0 +++ [pid 5148] <... open resumed>) = 4 [pid 5143] +++ exited with 0 +++ [pid 5076] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5076] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5159] <... write resumed>) = 1048576 [pid 5148] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] restart_syscall(<... resuming interrupted clone ...> [pid 5156] <... ioctl resumed>) = 0 [pid 5159] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] close(3 [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5145] exit_group(0 [pid 5076] <... openat resumed>) = 4 [pid 5075] <... restart_syscall resumed>) = 0 [pid 5159] <... futex resumed>) = ? [pid 5156] <... close resumed>) = 0 [pid 5148] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5146] <... futex resumed>) = ? [pid 5145] <... exit_group resumed>) = ? [pid 5076] fstat(4, [pid 5159] +++ exited with 0 +++ [pid 5156] mkdir("./bus", 0777 [pid 5148] <... mount resumed>) = 0 [pid 5146] +++ exited with 0 +++ [pid 5145] +++ exited with 0 +++ [pid 5076] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] getdents64(4, [pid 5075] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5156] <... mkdir resumed>) = 0 [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5076] <... getdents64 resumed>0x5555560eb660 /* 2 entries */, 32768) = 48 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5156] mount("/dev/loop3", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5148] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] getdents64(4, [pid 5075] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5076] <... getdents64 resumed>0x5555560eb660 /* 0 entries */, 32768) = 0 [pid 5075] <... openat resumed>) = 3 [pid 5072] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5148] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] close(4 [pid 5075] fstat(3, [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5148] <... open resumed>) = 5 [pid 5076] <... close resumed>) = 0 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5076] rmdir("./2/bus" [pid 5075] getdents64(3, [pid 5072] <... openat resumed>) = 3 [ 63.738741][ T5156] loop3: detected capacity change from 0 to 2048 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... rmdir resumed>) = 0 [pid 5075] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5072] fstat(3, [pid 5076] getdents64(3, [pid 5075] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5076] <... getdents64 resumed>0x5555560e3620 /* 0 entries */, 32768) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] getdents64(3, [pid 5076] close(3 [pid 5075] lstat("./2/binderfs", [pid 5072] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5076] <... close resumed>) = 0 [pid 5075] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] rmdir("./2" [pid 5075] unlink("./2/binderfs" [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] <... rmdir resumed>) = 0 [pid 5075] <... unlink resumed>) = 0 [pid 5072] lstat("./2/binderfs", [pid 5076] mkdir("./3", 0777 [pid 5075] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5076] <... mkdir resumed>) = 0 [pid 5072] unlink("./2/binderfs" [pid 5148] <... futex resumed>) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5072] <... unlink resumed>) = 0 [pid 5076] <... openat resumed>) = 3 [pid 5072] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5076] close(3) = 0 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached [pid 5155] <... mount resumed>) = 0 [pid 5148] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] set_robust_list(0x5555560e25e0, 24 [pid 5155] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5163] <... set_robust_list resumed>) = 0 [pid 5155] <... openat resumed>) = 3 [pid 5163] chdir("./3" [pid 5155] chdir("./bus" [pid 5163] <... chdir resumed>) = 0 [pid 5155] <... chdir resumed>) = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5155] ioctl(4, LOOP_CLR_FD [pid 5163] <... prctl resumed>) = 0 [pid 5155] <... ioctl resumed>) = 0 [pid 5163] setpgid(0, 0 [pid 5155] close(4 [pid 5163] <... setpgid resumed>) = 0 [pid 5155] <... close resumed>) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5155] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... openat resumed>) = 3 [pid 5155] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5163] write(3, "1000", 4 [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... write resumed>) = 4 [pid 5155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] <... futex resumed>) = 0 [pid 5163] close(3 [pid 5155] chdir("./file0" [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... close resumed>) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1eae612000 [ 63.786645][ T5155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 63.799426][ T56] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.809725][ T5155] ext4 filesystem being mounted at /root/syzkaller.zzCyOE/2/bus supports timestamps until 2038 (0x7fffffff) [pid 5163] mprotect(0x7f1eae613000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] clone(child_stack=0x7f1eae6323f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5165], tls=0x7f1eae632700, child_tidptr=0x7f1eae6329d0) = 5165 [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... chdir resumed>) = 0 [pid 5148] <... openat resumed>) = 6 [pid 5147] <... futex resumed>) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x5555560e25d0) = 5163 [pid 5155] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5148] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5148] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5165 attached [pid 5148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5165] set_robust_list(0x7f1eae6329e0, 24 [pid 5148] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5147] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 0 [ 63.825802][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 63.842289][ T56] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 63.867844][ T5156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5155] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1ea6212000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5147] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5147] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1ea62f1000 [pid 5147] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE [pid 5154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5147] <... mprotect resumed>) = 0 [pid 5155] <... open resumed>) = 4 [pid 5154] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5154] <... futex resumed>) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5155] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... clone resumed>, parent_tid=[5166], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5166 [pid 5147] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f1ea63119e0, 24) = 0 [pid 5166] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5154] <... mmap resumed>) = 0x7f1ea62f1000 [pid 5154] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5167], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5167 [pid 5154] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 63.879409][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 63.880746][ T56] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 63.905137][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 63.919595][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #19: comm kworker/u4:0: mark_inode_dirty error [pid 5154] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5165] <... write resumed>) = 1048576 [pid 5167] set_robust_list(0x7f1ea63119e0, 24) = 0 [pid 5165] munmap(0x7f1ea6212000, 1048576 [pid 5167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5147] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5167] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... munmap resumed>) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 63.938188][ T5148] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm syz-executor333: Invalid inode table block 0 in block_group 0 [ 63.962187][ T5156] ext4 filesystem being mounted at /root/syzkaller.nPbvLT/2/bus supports timestamps until 2038 (0x7fffffff) [ 63.975127][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [pid 5165] ioctl(4, LOOP_SET_FD, 3 [pid 5167] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... mount resumed>) = 0 [pid 5156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./bus") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4 [pid 5167] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5166] <... write resumed>) = 1048576 [pid 5155] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5166] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] <... open resumed>) = 5 [pid 5166] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 63.981239][ T5165] loop5: detected capacity change from 0 to 2048 [ 63.991988][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 63.991988][ T9] [ 64.007569][ T56] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #19: comm kworker/u4:4: mark_inode_dirty error [ 64.008048][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... ioctl resumed>) = 0 [pid 5156] <... close resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5165] close(3 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5165] <... close resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5155] <... openat resumed>) = 6 [pid 5165] mkdir("./bus", 0777 [pid 5156] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... mkdir resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5165] mount("/dev/loop5", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue" [pid 5155] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5153] <... futex resumed>) = 1 [pid 5156] chdir("./file0" [pid 5154] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... chdir resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... open resumed>) = 4 [pid 5153] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... mount resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... open resumed>) = 5 [pid 5153] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 64.024981][ T5148] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 64.045703][ T56] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 64 with error 117 [ 64.060039][ T5148] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #19: comm syz-executor333: mark_inode_dirty error [ 64.060959][ T5072] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5156] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... openat resumed>) = 6 [pid 5155] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5153] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5167] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5154] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.071871][ T56] EXT4-fs (loop4): This should not happen!! Data will be lost [ 64.071871][ T56] [ 64.094592][ T5148] ------------[ cut here ]------------ [ 64.100598][ T5148] kernel BUG at fs/ext4/ext4.h:3332! [ 64.107754][ T5148] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 64.113862][ T5148] CPU: 0 PID: 5148 Comm: syz-executor333 Not tainted 6.3.0-rc3-syzkaller #0 [ 64.122554][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.132615][ T5148] RIP: 0010:ext4_get_group_info+0x399/0x3a0 [ 64.138535][ T5148] Code: 4f ff 8b 74 24 04 48 c7 c7 60 ab 0b 8d 4c 89 f2 e8 dc d5 2d 02 43 80 3c 2c 00 0f 85 23 fd ff ff e9 26 fd ff ff e8 d7 45 4f ff <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 54 53 48 89 fb 49 bf 00 00 [ 64.158398][ T5148] RSP: 0018:ffffc900043e73b0 EFLAGS: 00010293 [ 64.164485][ T5148] RAX: ffffffff823b2749 RBX: 00000000fffffac6 RCX: ffff888018ae8000 [ 64.172462][ T5148] RDX: 0000000000000000 RSI: 00000000fffffac6 RDI: 0000000000000001 [ 64.180435][ T5148] RBP: 0000000000000001 R08: ffffffff823b2419 R09: ffffed100e93b4ba [ 64.188411][ T5148] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110058644cf [ 64.196383][ T5148] R13: dffffc0000000000 R14: ffff88802c324000 R15: ffff88802c322678 [ 64.204357][ T5148] FS: 00007f1eae632700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 64.213311][ T5148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.219894][ T5148] CR2: 00007f1eae633000 CR3: 00000000772fb000 CR4: 00000000003506f0 [ 64.227868][ T5148] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.235838][ T5148] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.243812][ T5148] Call Trace: [ 64.247108][ T5148] [ 64.250042][ T5148] ext4_mb_load_buddy_gfp+0xc3/0x820 [ 64.255337][ T5148] ? ext4_get_group_number+0x166/0x240 [ 64.260803][ T5148] ext4_discard_preallocations+0x84d/0x10e0 [ 64.266701][ T5148] ? mb_clear_bits+0x110/0x110 [ 64.271481][ T5148] ? __down_write_common+0x161/0x200 [ 64.276773][ T5148] ? ext4_journal_check_start+0x179/0x240 [ 64.282503][ T5148] ? __ext4_journal_start_sb+0x26b/0x5a0 [ 64.288173][ T5148] ext4_truncate+0x98b/0x1150 [ 64.292866][ T5148] ? __ext4_mark_inode_dirty+0x870/0x870 [ 64.298503][ T5148] ? ext4_journal_check_start+0x179/0x240 [ 64.304234][ T5148] ext4_write_begin+0xaa6/0xee0 [ 64.309102][ T5148] ? ext4_readahead+0x110/0x110 [ 64.313957][ T5148] ? fault_in_iov_iter_readable+0x49/0x280 [ 64.319774][ T5148] ? fault_in_readable+0x15a/0x350 [ 64.324891][ T5148] ext4_da_write_begin+0x42c/0x960 [ 64.330018][ T5148] ? ext4_dirty_folio+0x310/0x310 [ 64.335052][ T5148] ? fault_in_iov_iter_readable+0xdf/0x280 [ 64.340863][ T5148] generic_perform_write+0x300/0x5e0 [ 64.346159][ T5148] ? generic_file_direct_write+0x460/0x460 [ 64.351971][ T5148] ? clear_nonspinnable+0x60/0x60 [ 64.357095][ T5148] ? __lock_acquire+0x125b/0x1f80 [ 64.362224][ T5148] ? ext4_write_checks+0x255/0x2c0 [ 64.367345][ T5148] ext4_buffered_write_iter+0x122/0x3a0 [ 64.372897][ T5148] ext4_file_write_iter+0x1d6/0x1930 [ 64.378185][ T5148] ? read_lock_is_recursive+0x20/0x20 [ 64.383744][ T5148] ? ext4_file_read_iter+0x670/0x670 [ 64.389030][ T5148] ? rcu_is_watching+0x15/0xb0 [ 64.393799][ T5148] ? trace_contention_end+0x3c/0xf0 [ 64.399012][ T5148] vfs_write+0x7b2/0xbb0 [ 64.403273][ T5148] ? file_end_write+0x250/0x250 [ 64.408228][ T5148] ? mutex_lock_nested+0x1b/0x20 [ 64.413197][ T5148] ? __fdget_pos+0x254/0x2f0 [ 64.417799][ T5148] ? ksys_write+0x7b/0x2c0 [ 64.422223][ T5148] ksys_write+0x1a0/0x2c0 [ 64.426571][ T5148] ? __ia32_sys_read+0x90/0x90 [ 64.431344][ T5148] ? syscall_enter_from_user_mode+0x32/0x260 [ 64.437329][ T5148] ? syscall_enter_from_user_mode+0x8c/0x260 [ 64.443315][ T5148] do_syscall_64+0x41/0xc0 [ 64.447737][ T5148] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 64.453647][ T5148] RIP: 0033:0x7f1eae686769 [ 64.458064][ T5148] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.477683][ T5148] RSP: 002b:00007f1eae6322f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.486100][ T5148] RAX: ffffffffffffffda RBX: 00007f1eae70b7a0 RCX: 00007f1eae686769 [ 64.494080][ T5148] RDX: 000000000208e24b RSI: 0000000020000000 RDI: 0000000000000006 [ 64.502050][ T5148] RBP: 00007f1eae6d892c R08: 0000000000000000 R09: 0000000000000000 [ 64.510019][ T5148] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 64.518028][ T5148] R13: 6f6f6c2f7665642f R14: 632e79726f6d656d R15: 00007f1eae70b7a8 [ 64.526013][ T5148] [ 64.529030][ T5148] Modules linked in: [pid 5155] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5154] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5153] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5153] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1ea62f1000 [pid 5153] mprotect(0x7f1ea62f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7f1ea63113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5170], tls=0x7f1ea6311700, child_tidptr=0x7f1ea63119d0) = 5170 [pid 5153] futex(0x7f1eae70b7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... write resumed>) = 262144 [pid 5153] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] futex(0x7f1eae70b7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x7f1ea63119e0, 24) = 0 [ 64.534088][ T5155] EXT4-fs error (device loop0): ext4_xattr_block_get:612: inode #19: comm syz-executor333: corrupted xattr block 176: invalid header [ 64.544311][ T5165] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 64.558783][ T56] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5170] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5167] <... write resumed>) = 1048576 [pid 5165] <... mount resumed>) = 0 [pid 5165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./bus") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4 [ 64.583617][ T5165] ext4 filesystem being mounted at /root/syzkaller.37SiAZ/3/bus supports timestamps until 2038 (0x7fffffff) [ 64.595694][ T5155] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm syz-executor333: Invalid inode table block 0 in block_group 0 [ 64.610233][ T5155] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 64.620144][ T5148] ---[ end trace 0000000000000000 ]--- [ 64.623357][ T5155] EXT4-fs error (device loop0): ext4_dirty_inode:6113: inode #19: comm syz-executor333: mark_inode_dirty error [pid 5167] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 64.625707][ T5148] RIP: 0010:ext4_get_group_info+0x399/0x3a0 [ 64.643333][ T5148] Code: 4f ff 8b 74 24 04 48 c7 c7 60 ab 0b 8d 4c 89 f2 e8 dc d5 2d 02 43 80 3c 2c 00 0f 85 23 fd ff ff e9 26 fd ff ff e8 d7 45 4f ff <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 54 53 48 89 fb 49 bf 00 00 [ 64.663263][ T5148] RSP: 0018:ffffc900043e73b0 EFLAGS: 00010293 [ 64.669382][ T5148] RAX: ffffffff823b2749 RBX: 00000000fffffac6 RCX: ffff888018ae8000 [ 64.674055][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5167] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... close resumed>) = 0 [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... write resumed>) = 1048576 [pid 5170] futex(0x7f1eae70b7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f1eae70b7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5072] <... umount2 resumed>) = 0 [ 64.677608][ T5148] RDX: 0000000000000000 RSI: 00000000fffffac6 RDI: 0000000000000001 [ 64.694723][ T5148] RBP: 0000000000000001 R08: ffffffff823b2419 R09: ffffed100e93b4ba [ 64.703365][ T5148] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110058644cf [ 64.711709][ T5155] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm syz-executor333: Invalid inode table block 0 in block_group 0 [ 64.716448][ T5148] R13: dffffc0000000000 R14: ffff88802c324000 R15: ffff88802c322678 [ 64.732720][ T5155] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5153] <... exit_group resumed>) = ? [pid 5170] <... futex resumed>) = ? [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ [pid 5165] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5153] +++ exited with 0 +++ [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] chdir("./file0" [pid 5074] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5165] <... chdir resumed>) = 0 [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5074] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5165] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5165] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... open resumed>) = 4 [pid 5074] <... openat resumed>) = 3 [pid 5074] fstat(3, [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5074] getdents64(3, [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5074] <... getdents64 resumed>0x5555560e3620 /* 4 entries */, 32768) = 104 [pid 5165] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... mount resumed>) = 0 [pid 5075] <... umount2 resumed>) = 0 [pid 5074] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5165] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... open resumed>) = 5 [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5165] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... openat resumed>) = 6 [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5165] futex(0x7f1eae70b7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5165] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 64.745054][ T5155] EXT4-fs error (device loop0): ext4_dirty_inode:6113: inode #19: comm syz-executor333: mark_inode_dirty error [ 64.762709][ T5148] FS: 00007f1eae632700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 64.763121][ T5155] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor333: Invalid block bitmap block 0 in block_group 0 [ 64.772021][ T5148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... write resumed>) = 262144 [pid 5075] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5165] futex(0x7f1eae70b7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... futex resumed>) = 0 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5163] futex(0x7f1eae70b7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] lstat("./2/binderfs", [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] lstat("./2/bus", [pid 5163] <... futex resumed>) = 0 [pid 5074] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5163] futex(0x7f1eae70b7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] lstat("./2/bus", [pid 5074] unlink("./2/binderfs" [pid 5075] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5165] <... futex resumed>) = 1 [pid 5165] write(5, "\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5075] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5074] <... unlink resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5075] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5074] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5075] <... openat resumed>) = 4 [pid 5072] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] fstat(4, [pid 5072] <... openat resumed>) = 4 [pid 5075] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 64.793586][ T5148] CR2: 00007ffe303a4db8 CR3: 00000000772fb000 CR4: 00000000003506f0 [ 64.804715][ T5148] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.812731][ T5148] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.828922][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 64.829042][ T5148] Kernel panic - not syncing: Fatal exception [ 64.841745][ T5148] Kernel Offset: disabled [ 64.852126][ T5148] Rebooting in 86400 seconds..