./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3005696611 <...> Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. execve("./syz-executor3005696611", ["./syz-executor3005696611"], 0x7fff782b6380 /* 10 vars */) = 0 brk(NULL) = 0x555556346000 brk(0x555556346c40) = 0x555556346c40 arch_prctl(ARCH_SET_FS, 0x555556346300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563465d0) = 355 set_robust_list(0x5555563465e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f82e1d2f640, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f82e1d2fd10}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f82e1d2f6e0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f82e1d2fd10}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3005696611", 4096) = 28 brk(0x555556367c40) = 0x555556367c40 brk(0x555556368000) = 0x555556368000 mprotect(0x7f82e1df2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 355 mkdir("./syzkaller.9V7ej4", 0700) = 0 chmod("./syzkaller.9V7ej4", 0777) = 0 chdir("./syzkaller.9V7ej4") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 23.136468][ T23] audit: type=1400 audit(1686810105.690:66): avc: denied { execmem } for pid=355 comm="syz-executor300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x5555563465e0, 24) = 0 [pid 356] chdir("./0") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 [pid 356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 356] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 356] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[358], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 358 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 358] munmap(0x7f82d98fe000, 262144) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] mkdir("./file1", 0777) = 0 [ 23.173978][ T23] audit: type=1400 audit(1686810105.730:67): avc: denied { read write } for pid=355 comm="syz-executor300" name="loop0" dev="devtmpfs" ino=9262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.209966][ T23] audit: type=1400 audit(1686810105.740:68): avc: denied { open } for pid=355 comm="syz-executor300" path="/dev/loop0" dev="devtmpfs" ino=9262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.234903][ T23] audit: type=1400 audit(1686810105.740:69): avc: denied { ioctl } for pid=355 comm="syz-executor300" path="/dev/loop0" dev="devtmpfs" ino=9262 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.260784][ T23] audit: type=1400 audit(1686810105.770:70): avc: denied { mounton } for pid=356 comm="syz-executor300" path="/root/syzkaller.9V7ej4/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.278141][ T358] EXT4-fs (loop0): 1 orphan inode deleted [ 23.299532][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.308461][ T23] audit: type=1400 audit(1686810105.860:71): avc: denied { mount } for pid=356 comm="syz-executor300" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 358] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file1") = 0 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 356] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 356] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[362], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 362 [pid 356] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 0 [pid 358] fallocate(4, 0, 35143, 7) = 0 [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 362] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 0 [pid 358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... futex resumed>) = 1 [pid 358] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 362] <... futex resumed>) = 1 [pid 362] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... write resumed>) = 262144 [pid 358] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] exit_group(0) = ? [pid 362] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 358] <... futex resumed>) = ? [ 23.308479][ T358] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/0/file1 supports timestamps until 2038 (0x7fffffff) [ 23.347851][ T23] audit: type=1400 audit(1686810105.900:72): avc: denied { write } for pid=356 comm="syz-executor300" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 358] +++ exited with 0 +++ [pid 356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 23.370001][ T23] audit: type=1400 audit(1686810105.900:73): avc: denied { add_name } for pid=356 comm="syz-executor300" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 23.391354][ T23] audit: type=1400 audit(1686810105.900:74): avc: denied { create } for pid=356 comm="syz-executor300" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 23.412007][ T23] audit: type=1400 audit(1686810105.900:75): avc: denied { read write open } for pid=356 comm="syz-executor300" path="/root/syzkaller.9V7ej4/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x5555563465e0, 24) = 0 [pid 363] chdir("./1") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 363] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 364 attached , parent_tid=[364], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 364 [pid 364] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 364] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = 1 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 363] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 364] munmap(0x7f82d98fe000, 262144) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] mkdir("./file1", 0777) = 0 [pid 364] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 364] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file1") = 0 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... open resumed>) = 4 [pid 364] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] fallocate(4, 0, 35143, 7 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 363] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 368 attached , parent_tid=[368], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 368 [pid 368] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 368] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... fallocate resumed>) = 0 [pid 363] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = 1 [pid 368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 363] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... mount resumed>) = 0 [pid 368] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 368] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = 1 [pid 368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 363] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... open resumed>) = 5 [pid 368] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 363] <... futex resumed>) = 0 [pid 368] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 363] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] <... write resumed>) = 262144 [pid 368] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 368] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] exit_group(0) = ? [pid 368] <... futex resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 364] <... futex resumed>) = ? [pid 364] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 23.527029][ T364] EXT4-fs (loop0): 1 orphan inode deleted [ 23.532682][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.541497][ T364] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/1/file1 supports timestamps until 2038 (0x7fffffff) umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 370 attached , child_tidptr=0x5555563465d0) = 370 [pid 370] set_robust_list(0x5555563465e0, 24) = 0 [pid 370] chdir("./2") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 370] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 371 attached , parent_tid=[371], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 371 [pid 371] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 371] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 371] munmap(0x7f82d98fe000, 262144) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] mkdir("./file1", 0777) = 0 [pid 371] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 371] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file1") = 0 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] <... open resumed>) = 4 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 371] <... futex resumed>) = 1 [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] fallocate(4, 0, 35143, 7 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] <... fallocate resumed>) = 0 [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... mmap resumed>) = 0x7f82d991d000 [pid 371] <... futex resumed>) = 0 [pid 370] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 375 attached , parent_tid=[375], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 375 [pid 375] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 375] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 375] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = 1 [pid 375] <... futex resumed>) = 0 [pid 370] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 370] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... write resumed>) = 262144 [pid 371] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] exit_group(0 [pid 375] <... futex resumed>) = ? [pid 370] <... exit_group resumed>) = ? [pid 375] +++ exited with 0 +++ [pid 371] <... futex resumed>) = ? [pid 371] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 23.707197][ T371] EXT4-fs (loop0): 1 orphan inode deleted [ 23.712841][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.721568][ T371] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/2/file1 supports timestamps until 2038 (0x7fffffff) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555563465e0, 24) = 0 [pid 376] chdir("./3") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 376] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 377 attached , parent_tid=[377], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 377 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 377] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 377] memfd_create("syzkaller", 0) = 3 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 377] munmap(0x7f82d98fe000, 262144) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 377] close(3) = 0 [pid 377] mkdir("./file1", 0777) = 0 [pid 377] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 377] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 377] chdir("./file1") = 0 [pid 377] ioctl(4, LOOP_CLR_FD) = 0 [pid 377] close(4) = 0 [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 377] <... futex resumed>) = 1 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] fallocate(4, 0, 35143, 7 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 376] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE [pid 377] <... fallocate resumed>) = 0 [pid 376] <... mprotect resumed>) = 0 [pid 376] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 381] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... clone resumed>, parent_tid=[381], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 381 [pid 376] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 376] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... mount resumed>) = 0 [pid 381] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... futex resumed>) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 377] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] <... futex resumed>) = 0 [pid 377] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 376] exit_group(0) = ? [pid 381] <... futex resumed>) = ? [pid 381] +++ exited with 0 +++ [pid 377] <... futex resumed>) = ? [pid 377] +++ exited with 0 +++ [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 23.846463][ T377] EXT4-fs (loop0): 1 orphan inode deleted [ 23.852000][ T377] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.860861][ T377] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/3/file1 supports timestamps until 2038 (0x7fffffff) umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555563465e0, 24) = 0 [pid 382] chdir("./4") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 382] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[383], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 383 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 383] munmap(0x7f82d98fe000, 262144) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 383] close(3) = 0 [pid 383] mkdir("./file1", 0777) = 0 [pid 383] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 383] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 383] chdir("./file1") = 0 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [pid 383] close(4) = 0 [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 382] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[388], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 388 [pid 382] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] fallocate(4, 0, 35143, 7) = 0 [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 388] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 0 [pid 383] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 388] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] <... write resumed>) = 262144 [pid 383] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 383] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] exit_group(0) = ? [pid 388] <... futex resumed>) = ? [pid 388] +++ exited with 0 +++ [pid 383] <... futex resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 24.006795][ T383] EXT4-fs (loop0): 1 orphan inode deleted [ 24.012424][ T383] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.021639][ T383] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/4/file1 supports timestamps until 2038 (0x7fffffff) umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x5555563465e0, 24) = 0 [pid 389] chdir("./5") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 389] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 390] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... clone resumed>, parent_tid=[390], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 390 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 390] munmap(0x7f82d98fe000, 262144) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 390] close(3) = 0 [pid 390] mkdir("./file1", 0777) = 0 [pid 390] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 390] chdir("./file1") = 0 [pid 390] ioctl(4, LOOP_CLR_FD) = 0 [pid 390] close(4) = 0 [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 389] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[394], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 394 [pid 389] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] fallocate(4, 0, 35143, 7) = 0 [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f82e1df87a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x7f82d993d9e0, 24) = 0 [pid 394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 394] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 0 [pid 390] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 394] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190) = 262144 [pid 390] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... futex resumed>) = 0 [pid 389] exit_group(0) = ? [pid 394] <... futex resumed>) = ? [pid 390] <... futex resumed>) = ? [pid 390] +++ exited with 0 +++ [pid 394] +++ exited with 0 +++ [pid 389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556347620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 24.176866][ T390] EXT4-fs (loop0): 1 orphan inode deleted [ 24.182460][ T390] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.191639][ T390] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/5/file1 supports timestamps until 2038 (0x7fffffff) umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555634f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555634f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555556347620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563465d0) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x5555563465e0, 24) = 0 [pid 395] chdir("./6") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82e1cfe000 [pid 395] mprotect(0x7f82e1cff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f82e1d1e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[396], tls=0x7f82e1d1e700, child_tidptr=0x7f82e1d1e9d0) = 396 [pid 395] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x7f82e1d1e9e0, 24) = 0 [pid 396] memfd_create("syzkaller", 0) = 3 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f82d98fe000 [pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 396] munmap(0x7f82d98fe000, 262144) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 396] close(3) = 0 [pid 396] mkdir("./file1", 0777) = 0 [pid 396] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0 [pid 396] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 396] chdir("./file1") = 0 [pid 396] ioctl(4, LOOP_CLR_FD) = 0 [pid 396] close(4) = 0 [pid 396] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 395] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f82e1df87ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... open resumed>) = 4 [pid 396] futex(0x7f82e1df87ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f82e1df87a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f82d991d000 [pid 395] mprotect(0x7f82d991e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f82d993d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 400 attached , parent_tid=[400], tls=0x7f82d993d700, child_tidptr=0x7f82d993d9d0) = 400 [pid 395] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] set_robust_list(0x7f82d993d9e0, 24 [pid 395] <... futex resumed>) = 0 [pid 400] <... set_robust_list resumed>) = 0 [pid 395] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 400] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 395] <... futex resumed>) = 1 [pid 400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 395] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... open resumed>) = 5 [pid 400] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 400] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] write(0, "\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48\xb7\x71\xb3\xc3\xb8\x06\x60\x1d\x4b\x7a\x5f\x1e\x7c\xb6\x0a\x34\xda\x12\xb2\x6f\xad\xc9\x46\xcc\xd2\x3b\x6a\xfb\x12\xc1\xce\xe6\x20\x8b\xb8\xae\x2e\x2b\x32\x28\xe7\xeb\x78\x4c\x60\x8b\x9a\x07\xad\x74\x7b\x94\x3a\x77\x03\xd8\xca\xcb\x26\xad\x1e\x02\xca\x87"..., 4096) = -1 EBADF (Bad file descriptor) [pid 400] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 400] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] futex(0x7f82e1df87b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 395] <... futex resumed>) = 1 [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5d\x0f\x1b\xc7\x13\x63\xce\x46\xd7\xd6\x8a\x9a\x08\x09\x94\xde\x4f\x56\xb8\x75\x79\xb6\x4c\x51\x1a\xae\x21\xa9\x1e\xb2\xdb\x3a\x04\x37\xf8\x48"..., 22455190 [pid 395] futex(0x7f82e1df87bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] fallocate(4, 0, 35143, 7 [pid 400] <... write resumed>) = 262144 [pid 400] futex(0x7f82e1df87bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] futex(0x7f82e1df87b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... futex resumed>) = 0 [ 24.306887][ T396] EXT4-fs (loop0): 1 orphan inode deleted [ 24.312544][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 24.321366][ T396] ext4 filesystem being mounted at /root/syzkaller.9V7ej4/6/file1 supports timestamps until 2038 (0x7fffffff) [ 24.346614][ T396] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #3: block 9: comm syz-executor300: lblock 0 mapped to illegal pblock 9 (length 1) [ 24.361551][ T396] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6085: Out of memory [ 24.370912][ T396] ------------[ cut here ]------------ [ 24.376277][ T396] kernel BUG at fs/ext4/ext4.h:2981! [ 24.381455][ T396] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 24.387283][ T396] CPU: 1 PID: 396 Comm: syz-executor300 Not tainted 5.4.242-syzkaller-00010-g39a9b92e9828 #0 [ 24.397344][ T396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 24.407438][ T396] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 24.413256][ T396] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 6f 90 c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 40 d6 98 ff <0f> 0b e8 29 97 6f ff e8 34 d6 98 ff 0f 0b e8 2d d6 98 ff 0f 0b e8 [ 24.433210][ T396] RSP: 0018:ffff8881f4ff7400 EFLAGS: 00010293 [ 24.439200][ T396] RAX: ffffffff81cb53a0 RBX: 0000000000000001 RCX: ffff8881f31cbf00 [ 24.447100][ T396] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [pid 395] exit_group(0) = ? [pid 400] <... futex resumed>) = ? [pid 400] +++ exited with 0 +++ [ 24.454910][ T396] RBP: ffff8881f4ff7510 R08: ffffffff81cb48c9 R09: ffffed103b80b9fa [ 24.462724][ T396] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 24.470532][ T396] R13: ffff8881f3bd73f0 R14: 1ffff1103e9fee90 R15: 1ffff1103e77ae7e [ 24.478360][ T396] FS: 00007f82e1d1e700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.487225][ T396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.493631][ T396] CR2: 00007f82e1db3dc0 CR3: 00000001db5fd000 CR4: 00000000003406a0 [ 24.501587][ T396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.509468][ T396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.517277][ T396] Call Trace: [ 24.520418][ T396] ? ext4_mb_new_blocks+0x29f/0x2d10 [ 24.525527][ T396] ? ext4_map_blocks+0xa83/0x1c40 [ 24.530389][ T396] ? vfs_fallocate+0x551/0x6b0 [ 24.534989][ T396] ? ext4_mb_use_inode_pa+0x4a0/0x4a0 [ 24.540205][ T396] ext4_mb_regular_allocator+0x229/0x10d0 [ 24.545752][ T396] ? ext4_mb_initialize_context+0x7e3/0xbb0 [ 24.551491][ T396] ? ext4_mb_normalize_request+0x1090/0x1090 [ 24.557307][ T396] ext4_mb_new_blocks+0x59a/0x2d10 [ 24.562252][ T396] ? memset+0x1f/0x40 [ 24.566059][ T396] ? ext4_ext_check_overlap+0x180/0x5b0 [ 24.571457][ T396] ? ext4_inode_to_goal_block+0x265/0x360 [ 24.577005][ T396] ext4_ext_map_blocks+0x1e70/0x7450 [ 24.582130][ T396] ? debug_smp_processor_id+0x20/0x20 [ 24.587332][ T396] ? check_preemption_disabled+0x9f/0x320 [ 24.592887][ T396] ? ext4_ext_release+0x10/0x10 [ 24.597567][ T396] ? check_preemption_disabled+0x9f/0x320 [ 24.603125][ T396] ? debug_smp_processor_id+0x20/0x20 [ 24.608339][ T396] ? newidle_balance+0x50a/0x930 [ 24.613104][ T396] ? check_preemption_disabled+0x9f/0x320 [ 24.619192][ T396] ? _raw_read_unlock+0x21/0x40 [ 24.623863][ T396] ? ext4_es_lookup_extent+0x54f/0x9c0 [ 24.629173][ T396] ? _raw_spin_unlock_irq+0x4a/0x60 [ 24.634194][ T396] ext4_map_blocks+0xa83/0x1c40 [ 24.638883][ T396] ? ext4_issue_zeroout+0x150/0x150 [ 24.643914][ T396] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 24.648863][ T396] ? __ext4_journal_start_sb+0x295/0x460 [ 24.654352][ T396] ext4_alloc_file_blocks+0x3b1/0xc20 [ 24.659557][ T396] ? trace_ext4_fallocate_enter+0x1d0/0x1d0 [ 24.665266][ T396] ? down_read_killable+0x220/0x220 [ 24.670590][ T396] ? check_preemption_disabled+0x9f/0x320 [ 24.676144][ T396] ? avc_policy_seqno+0x17/0x70 [ 24.680825][ T396] ? debug_smp_processor_id+0x20/0x20 [ 24.686039][ T396] ? selinux_file_permission+0x2be/0x530 [ 24.691519][ T396] ? trace_ext4_fallocate_enter+0x26/0x1d0 [ 24.697158][ T396] ? inode_newsize_ok+0x17c/0x1b0 [ 24.702007][ T396] ext4_fallocate+0x3b5/0x570 [ 24.706521][ T396] vfs_fallocate+0x551/0x6b0 [ 24.710946][ T396] __x64_sys_fallocate+0xb9/0x100 [ 24.715824][ T396] do_syscall_64+0xca/0x1c0 [ 24.720152][ T396] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 24.725869][ T396] Modules linked in: [ 24.729657][ T396] ---[ end trace bf263aa9d18d23fc ]--- [ 24.734946][ T396] RIP: 0010:ext4_mb_find_by_goal+0xc10/0xc50 [ 24.740800][ T396] Code: fc ff ff 89 d1 80 e1 07 80 c1 03 38 c1 0f 8c 0d fc ff ff 48 89 d7 e8 6f 90 c8 ff 48 8b 54 24 30 e9 fb fb ff ff e8 40 d6 98 ff <0f> 0b e8 29 97 6f ff e8 34 d6 98 ff 0f 0b e8 2d d6 98 ff 0f 0b e8 [ 24.760274][ T396] RSP: 0018:ffff8881f4ff7400 EFLAGS: 00010293 [ 24.766252][ T396] RAX: ffffffff81cb53a0 RBX: 0000000000000001 RCX: ffff8881f31cbf00 [ 24.774055][ T396] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 24.781868][ T396] RBP: ffff8881f4ff7510 R08: ffffffff81cb48c9 R09: ffffed103b80b9fa [ 24.789690][ T396] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 24.797490][ T396] R13: ffff8881f3bd73f0 R14: 1ffff1103e9fee90 R15: 1ffff1103e77ae7e [ 24.805316][ T396] FS: 00007f82e1d1e700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 24.814058][ T396] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.820560][ T396] CR2: 00007f82e1db3dc0 CR3: 00000001db5fd000 CR4: 00000000003406a0 [ 24.828322][ T396] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.836122][ T396] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.843993][ T396] Kernel panic - not syncing: Fatal exception [ 24.850230][ T396] Kernel Offset: disabled [ 24.854359][ T396] Rebooting in 86400 seconds..