./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1883543801 <...> Warning: Permanently added '10.128.0.128' (ED25519) to the list of known hosts. execve("./syz-executor1883543801", ["./syz-executor1883543801"], 0x7ffe09843450 /* 10 vars */) = 0 brk(NULL) = 0x5555562da000 brk(0x5555562dad40) = 0x5555562dad40 arch_prctl(ARCH_SET_FS, 0x5555562da3c0) = 0 set_tid_address(0x5555562da690) = 5824 set_robust_list(0x5555562da6a0, 24) = 0 rseq(0x5555562dace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1883543801", 4096) = 28 getrandom("\xa5\x79\xbe\x6b\x55\xce\x01\x05", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555562dad40 brk(0x5555562fbd40) = 0x5555562fbd40 brk(0x5555562fc000) = 0x5555562fc000 mprotect(0x7f30bb837000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.P2yvek", 0700) = 0 chmod("./syzkaller.P2yvek", 0777) = 0 chdir("./syzkaller.P2yvek") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5825 attached , child_tidptr=0x5555562da690) = 5825 [pid 5825] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5825] chdir("./0") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] write(1, "executing program\n", 18executing program ) = 18 [pid 5825] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5825] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5827 attached => {parent_tid=[5827]}, 88) = 5827 [pid 5827] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... rseq resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] set_robust_list(0x7f30bb7649a0, 24 [pid 5825] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5825] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] memfd_create("syzkaller", 0) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5827] munmap(0x7f30b3200000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file1", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5827] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file1") = 0 [ 87.658132][ T5827] loop0: detected capacity change from 0 to 32768 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5827] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5827] mkdirat(AT_FDCWD, "./bus", 000 [pid 5825] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 87.725684][ T5827] syz-executor188: attempt to access beyond end of device [ 87.725684][ T5827] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 87.740339][ T5827] metapage_write_end_io: I/O error [ 87.745906][ T5827] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 87.745906][ T5827] [ 87.757089][ T5827] ERROR: (device loop0): remounting filesystem as read-only [ 87.766118][ T5827] ERROR: (device loop0): diWrite: ixpxd invalid [ 87.766118][ T5827] [pid 5825] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5825] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5828 attached [pid 5828] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5827] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5828] <... rseq resumed>) = 0 [pid 5827] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... clone3 resumed> => {parent_tid=[5828]}, 88) = 5828 [pid 5827] <... futex resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5828] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5828] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5828] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [ 87.775661][ T5827] ERROR: (device loop0): txCommit: [ 87.775661][ T5827] [ 87.785066][ T5827] blkno = 8f7c0, nblocks = 1 [ 87.789907][ T5827] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 87.789907][ T5827] [ 87.801388][ T5827] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 87.801388][ T5827] [ 87.810766][ T5827] ialloc: diAlloc returned -5! [pid 5828] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] exit_group(0 [pid 5828] <... futex resumed>) = ? [pid 5827] <... futex resumed>) = ? [pid 5825] <... exit_group resumed>) = ? [pid 5828] +++ exited with 0 +++ [pid 5827] +++ exited with 0 +++ [pid 5825] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5825, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 87.920996][ T12] kworker/u8:0: attempt to access beyond end of device [ 87.920996][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 87.935129][ T12] metapage_write_end_io: I/O error newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x5555562da690) = 5829 [pid 5829] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5829] chdir("./1") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5829] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5831] set_robust_list(0x7f30bb7649a0, 24 [pid 5829] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] memfd_create("syzkaller", 0) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5831] munmap(0x7f30b3200000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./file1", 0777) = 0 [pid 5831] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5831] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 88.544330][ T5831] loop0: detected capacity change from 0 to 32768 [pid 5831] chdir("./file1") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5831] mkdirat(AT_FDCWD, "./bus", 000 [ 88.649545][ T5831] syz-executor188: attempt to access beyond end of device [ 88.649545][ T5831] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 88.663771][ T5831] metapage_write_end_io: I/O error [ 88.668958][ T5831] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 88.668958][ T5831] [ 88.680576][ T5831] ERROR: (device loop0): remounting filesystem as read-only [ 88.687902][ T5831] ERROR: (device loop0): diWrite: ixpxd invalid [ 88.687902][ T5831] [pid 5829] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5829] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5829] <... clone3 resumed> => {parent_tid=[5832]}, 88) = 5832 [pid 5832] <... rseq resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] set_robust_list(0x7f30bb7439a0, 24 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5832] mkdir(".", 0777 [pid 5829] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5832] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5831] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5832] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5832] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] exit_group(0 [pid 5832] <... futex resumed>) = ? [pid 5831] <... futex resumed>) = ? [pid 5829] <... exit_group resumed>) = ? [pid 5832] +++ exited with 0 +++ [pid 5831] +++ exited with 0 +++ [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.696393][ T5831] ERROR: (device loop0): txCommit: [ 88.696393][ T5831] [ 88.705505][ T5831] blkno = 8f7c0, nblocks = 1 [ 88.710272][ T5831] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 88.710272][ T5831] [ 88.720799][ T5831] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 88.720799][ T5831] [ 88.730080][ T5831] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 88.795621][ T12] kworker/u8:0: attempt to access beyond end of device [ 88.795621][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 88.809516][ T12] metapage_write_end_io: I/O error newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached , child_tidptr=0x5555562da690) = 5835 [pid 5835] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5835] chdir("./2") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5835] write(1, "executing program\n", 18) = 18 [pid 5835] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5835] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5836 attached => {parent_tid=[5836]}, 88) = 5836 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] <... rseq resumed>) = 0 [pid 5835] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] set_robust_list(0x7f30bb7649a0, 24 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5836] munmap(0x7f30b3200000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file1", 0777) = 0 [pid 5836] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5836] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file1") = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5836] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5836] mkdirat(AT_FDCWD, "./bus", 000 [ 89.434407][ T5836] loop0: detected capacity change from 0 to 32768 [ 89.484106][ T5836] syz-executor188: attempt to access beyond end of device [ 89.484106][ T5836] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 89.498702][ T5836] metapage_write_end_io: I/O error [ 89.504930][ T5836] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 89.504930][ T5836] [ 89.515862][ T5836] ERROR: (device loop0): remounting filesystem as read-only [ 89.523277][ T5836] ERROR: (device loop0): diWrite: ixpxd invalid [ 89.523277][ T5836] [pid 5835] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5835] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5835] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5836] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5835] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] <... rseq resumed>) = 0 [pid 5837] set_robust_list(0x7f30bb7439a0, 24 [pid 5836] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5835] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5837] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5837] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] exit_group(0 [pid 5837] <... futex resumed>) = ? [pid 5836] <... futex resumed>) = ? [pid 5835] <... exit_group resumed>) = ? [pid 5836] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 89.531776][ T5836] ERROR: (device loop0): txCommit: [ 89.531776][ T5836] [ 89.540253][ T5836] blkno = 8f7c0, nblocks = 1 [ 89.544868][ T5836] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 89.544868][ T5836] [ 89.555892][ T5836] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 89.555892][ T5836] [ 89.565774][ T5836] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 89.645098][ T1112] kworker/u8:5: attempt to access beyond end of device [ 89.645098][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 89.658997][ T1112] metapage_write_end_io: I/O error umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x5555562da690) = 5838 [pid 5838] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5838] chdir("./3") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] write(1, "executing program\n", 18executing program ) = 18 [pid 5838] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5838] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5839 attached [pid 5839] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5838] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5839] set_robust_list(0x7f30bb7649a0, 24 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5839] memfd_create("syzkaller", 0 [pid 5838] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] <... memfd_create resumed>) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7f30b3200000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file1", 0777) = 0 [pid 5839] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5839] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file1") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 90.287700][ T5839] loop0: detected capacity change from 0 to 32768 [pid 5839] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... futex resumed>) = 0 [ 90.353341][ T5839] syz-executor188: attempt to access beyond end of device [ 90.353341][ T5839] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 90.368010][ T5839] metapage_write_end_io: I/O error [ 90.375019][ T5839] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 90.375019][ T5839] [ 90.386156][ T5839] ERROR: (device loop0): remounting filesystem as read-only [ 90.394188][ T5839] ERROR: (device loop0): diWrite: ixpxd invalid [ 90.394188][ T5839] [pid 5839] mkdirat(AT_FDCWD, "./bus", 000 [pid 5838] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5838] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5839] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5839] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} [pid 5839] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5842 attached [pid 5839] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5842] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5842] mkdir(".", 0777 [pid 5838] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5842] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5842] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5842] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5838] exit_group(0) = ? [pid 5842] +++ exited with 0 +++ [pid 5839] <... futex resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ [ 90.404979][ T5839] ERROR: (device loop0): txCommit: [ 90.404979][ T5839] [ 90.413564][ T5839] blkno = 8f7c0, nblocks = 1 [ 90.418181][ T5839] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 90.418181][ T5839] [ 90.429179][ T5839] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 90.429179][ T5839] [ 90.438425][ T5839] ialloc: diAlloc returned -5! --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 90.577527][ T12] kworker/u8:0: attempt to access beyond end of device [ 90.577527][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 90.591414][ T12] metapage_write_end_io: I/O error umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached , child_tidptr=0x5555562da690) = 5843 [pid 5843] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5843] chdir("./4") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5843] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5844 attached [pid 5844] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5843] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5844] munmap(0x7f30b3200000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./file1", 0777) = 0 [ 91.275248][ T5844] loop0: detected capacity change from 0 to 32768 [pid 5844] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5844] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./file1") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5844] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5844] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] <... futex resumed>) = 0 [pid 5844] mkdirat(AT_FDCWD, "./bus", 000 [ 91.378371][ T5844] syz-executor188: attempt to access beyond end of device [ 91.378371][ T5844] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 91.392858][ T5844] metapage_write_end_io: I/O error [ 91.398101][ T5844] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 91.398101][ T5844] [ 91.409357][ T5844] ERROR: (device loop0): remounting filesystem as read-only [ 91.416772][ T5844] ERROR: (device loop0): diWrite: ixpxd invalid [ 91.416772][ T5844] [pid 5843] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5843] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5843] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5845 attached => {parent_tid=[5845]}, 88) = 5845 [pid 5845] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... rseq resumed>) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5843] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... futex resumed>) = 0 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5845] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5844] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5845] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5844] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5843] exit_group(0 [pid 5845] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5843] <... exit_group resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5844] <... futex resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 91.425245][ T5844] ERROR: (device loop0): txCommit: [ 91.425245][ T5844] [ 91.433547][ T5844] blkno = 8f7c0, nblocks = 1 [ 91.438163][ T5844] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 91.438163][ T5844] [ 91.449533][ T5844] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 91.449533][ T5844] [ 91.459699][ T5844] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 91.544920][ T1112] kworker/u8:5: attempt to access beyond end of device [ 91.544920][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 91.558814][ T1112] metapage_write_end_io: I/O error umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached , child_tidptr=0x5555562da690) = 5846 [pid 5846] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5846] chdir("./5") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] write(1, "executing program\n", 18executing program ) = 18 [pid 5846] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 91.941963][ T10] cfg80211: failed to load regulatory.db [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5846] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5847 attached => {parent_tid=[5847]}, 88) = 5847 [pid 5847] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5847] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = 0 [pid 5847] memfd_create("syzkaller", 0 [pid 5846] <... futex resumed>) = 1 [pid 5846] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] <... memfd_create resumed>) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5847] munmap(0x7f30b3200000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("./file1", 0777) = 0 [pid 5847] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5847] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./file1") = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.223609][ T5847] loop0: detected capacity change from 0 to 32768 [pid 5847] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5847] mkdirat(AT_FDCWD, "./bus", 000 [pid 5846] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5846] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.291105][ T5847] metapage_write_end_io: I/O error [ 92.296316][ T5847] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 92.296316][ T5847] [ 92.307326][ T5847] ERROR: (device loop0): remounting filesystem as read-only [ 92.315071][ T5847] ERROR: (device loop0): diWrite: ixpxd invalid [ 92.315071][ T5847] [ 92.324354][ T5847] ERROR: (device loop0): txCommit: [ 92.324354][ T5847] [ 92.333686][ T5847] blkno = 8f7c0, nblocks = 1 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5846] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5848 attached [pid 5848] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5846] <... clone3 resumed> => {parent_tid=[5848]}, 88) = 5848 [pid 5848] <... rseq resumed>) = 0 [pid 5848] set_robust_list(0x7f30bb7439a0, 24 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... set_robust_list resumed>) = 0 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] mkdir(".", 0777 [pid 5846] <... futex resumed>) = 0 [pid 5848] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5848] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5846] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5848] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5848] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5846] <... futex resumed>) = 0 [pid 5848] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5847] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] exit_group(0 [pid 5847] <... futex resumed>) = ? [pid 5846] <... exit_group resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5848] <... futex resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.338315][ T5847] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 92.338315][ T5847] [ 92.348639][ T5847] ERROR: (device loop0): remounting filesystem as read-only [ 92.356937][ T5847] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 92.356937][ T5847] [ 92.366412][ T5847] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.468449][ T5824] metapage_write_end_io: I/O error newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5849 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5849] chdir("./6") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5849] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5850 attached => {parent_tid=[5850]}, 88) = 5850 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] <... rseq resumed>) = 0 [pid 5849] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] set_robust_list(0x7f30bb7649a0, 24 [pid 5849] <... futex resumed>) = 0 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5850] munmap(0x7f30b3200000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file1", 0777) = 0 [pid 5850] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 93.144173][ T5850] loop0: detected capacity change from 0 to 32768 [pid 5850] chdir("./file1") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5850] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5849] <... futex resumed>) = 0 [pid 5850] mkdirat(AT_FDCWD, "./bus", 000 [ 93.238288][ T5850] bio_check_eod: 2 callbacks suppressed [ 93.238302][ T5850] syz-executor188: attempt to access beyond end of device [ 93.238302][ T5850] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 93.258078][ T5850] metapage_write_end_io: I/O error [ 93.263335][ T5850] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 93.263335][ T5850] [ 93.274036][ T5850] ERROR: (device loop0): remounting filesystem as read-only [ 93.281424][ T5850] ERROR: (device loop0): diWrite: ixpxd invalid [pid 5849] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5849] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5851 attached => {parent_tid=[5851]}, 88) = 5851 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] <... rseq resumed>) = 0 [pid 5849] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] set_robust_list(0x7f30bb7439a0, 24 [pid 5849] <... futex resumed>) = 0 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5849] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5851] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5851] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5851] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5850] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5850] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] exit_group(0 [pid 5851] <... futex resumed>) = ? [pid 5850] <... futex resumed>) = ? [pid 5849] <... exit_group resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 93.281424][ T5850] [ 93.290075][ T5850] ERROR: (device loop0): txCommit: [ 93.290075][ T5850] [ 93.298245][ T5850] blkno = 8f7c0, nblocks = 1 [ 93.303221][ T5850] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 93.303221][ T5850] [ 93.315032][ T5850] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 93.315032][ T5850] [ 93.324742][ T5850] ERROR: (device loop0): remounting filesystem as read-only [ 93.332678][ T5850] ialloc: diAlloc returned -5! umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 93.442920][ T5824] syz-executor188: attempt to access beyond end of device [ 93.442920][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 93.457124][ T5824] metapage_write_end_io: I/O error umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x5555562da690) = 5852 [pid 5852] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5852] chdir("./7") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5852] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5852] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] set_robust_list(0x7f30bb7649a0, 24 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5852] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] <... memfd_create resumed>) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5853] munmap(0x7f30b3200000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file1", 0777) = 0 [pid 5853] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [ 94.111262][ T5853] loop0: detected capacity change from 0 to 32768 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file1") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5852] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 94.215522][ T5853] syz-executor188: attempt to access beyond end of device [ 94.215522][ T5853] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 94.229739][ T5853] metapage_write_end_io: I/O error [ 94.235187][ T5853] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 94.235187][ T5853] [ 94.246237][ T5853] ERROR: (device loop0): remounting filesystem as read-only [ 94.253811][ T5853] ERROR: (device loop0): diWrite: ixpxd invalid [ 94.253811][ T5853] [pid 5853] mkdirat(AT_FDCWD, "./bus", 000 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5852] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5854 attached [pid 5854] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5852] <... clone3 resumed> => {parent_tid=[5854]}, 88) = 5854 [pid 5854] <... rseq resumed>) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] set_robust_list(0x7f30bb7439a0, 24 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] mkdir(".", 0777 [pid 5852] <... futex resumed>) = 0 [pid 5854] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5852] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5854] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5854] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5853] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0 [pid 5854] <... futex resumed>) = ? [pid 5853] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5854] +++ exited with 0 +++ [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [ 94.262284][ T5853] ERROR: (device loop0): txCommit: [ 94.262284][ T5853] [ 94.270532][ T5853] blkno = 8f7c0, nblocks = 1 [ 94.275164][ T5853] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 94.275164][ T5853] [ 94.286622][ T5853] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 94.286622][ T5853] [ 94.295953][ T5853] ERROR: (device loop0): remounting filesystem as read-only [ 94.303495][ T5853] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 94.425287][ T5824] syz-executor188: attempt to access beyond end of device [ 94.425287][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 94.439547][ T5824] metapage_write_end_io: I/O error umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5855 attached , child_tidptr=0x5555562da690) = 5855 [pid 5855] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5855] chdir("./8") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5855] write(1, "executing program\n", 18) = 18 [pid 5855] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5855] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5855] <... clone3 resumed> => {parent_tid=[5856]}, 88) = 5856 [pid 5856] set_robust_list(0x7f30bb7649a0, 24 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5855] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] memfd_create("syzkaller", 0 [pid 5855] <... futex resumed>) = 0 [pid 5856] <... memfd_create resumed>) = 3 [pid 5855] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5856] munmap(0x7f30b3200000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file1", 0777) = 0 [pid 5856] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file1") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5856] mkdirat(AT_FDCWD, "./bus", 000 [ 95.113088][ T5856] loop0: detected capacity change from 0 to 32768 [ 95.168368][ T5856] syz-executor188: attempt to access beyond end of device [ 95.168368][ T5856] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 95.184060][ T5856] metapage_write_end_io: I/O error [ 95.189288][ T5856] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 95.189288][ T5856] [ 95.200526][ T5856] ERROR: (device loop0): remounting filesystem as read-only [ 95.208124][ T5856] ERROR: (device loop0): diWrite: ixpxd invalid [ 95.208124][ T5856] [pid 5855] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5855] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5855] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5856] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5856] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} => {parent_tid=[5858]}, 88) = 5858 ./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] <... rseq resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] set_robust_list(0x7f30bb7439a0, 24 [pid 5855] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5855] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5858] mkdir(".", 0777) = -1 EEXIST (File exists) [ 95.217286][ T5856] ERROR: (device loop0): txCommit: [ 95.217286][ T5856] [ 95.226823][ T5856] blkno = 8f7c0, nblocks = 1 [ 95.231731][ T5856] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 95.231731][ T5856] [ 95.243448][ T5856] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 95.243448][ T5856] [ 95.252940][ T5856] ialloc: diAlloc returned -5! [pid 5858] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5858] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5858] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] exit_group(0 [pid 5858] <... futex resumed>) = ? [pid 5856] <... futex resumed>) = ? [pid 5858] +++ exited with 0 +++ [pid 5856] +++ exited with 0 +++ [pid 5855] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 95.391198][ T12] kworker/u8:0: attempt to access beyond end of device [ 95.391198][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 95.405077][ T12] metapage_write_end_io: I/O error umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x5555562da690) = 5859 [pid 5859] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5859] chdir("./9") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5859] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5860 attached [pid 5860] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5860] set_robust_list(0x7f30bb7649a0, 24 [pid 5859] <... clone3 resumed> => {parent_tid=[5860]}, 88) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] memfd_create("syzkaller", 0 [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5860] <... memfd_create resumed>) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7f30b3200000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file1", 0777) = 0 [pid 5860] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5860] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5860] mkdirat(AT_FDCWD, "./bus", 000 [ 96.024877][ T5860] loop0: detected capacity change from 0 to 32768 [ 96.062469][ T5860] syz-executor188: attempt to access beyond end of device [pid 5859] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5859] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.062469][ T5860] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 96.076780][ T5860] metapage_write_end_io: I/O error [ 96.082187][ T5860] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 96.082187][ T5860] [ 96.094491][ T5860] ERROR: (device loop0): remounting filesystem as read-only [ 96.101930][ T5860] ERROR: (device loop0): diWrite: ixpxd invalid [ 96.101930][ T5860] [ 96.110502][ T5860] ERROR: (device loop0): txCommit: [ 96.110502][ T5860] [ 96.118685][ T5860] blkno = 8f7c0, nblocks = 1 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5859] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} => {parent_tid=[5861]}, 88) = 5861 ./strace-static-x86_64: Process 5861 attached [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5860] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5861] <... rseq resumed>) = 0 [pid 5860] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] set_robust_list(0x7f30bb7439a0, 24 [pid 5860] <... futex resumed>) = 0 [pid 5859] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5860] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] <... futex resumed>) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5861] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5861] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] exit_group(0 [pid 5861] <... futex resumed>) = ? [pid 5860] <... futex resumed>) = ? [ 96.123629][ T5860] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 96.123629][ T5860] [ 96.135507][ T5860] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 96.135507][ T5860] [ 96.145078][ T5860] ialloc: diAlloc returned -5! [pid 5859] <... exit_group resumed>) = ? [pid 5861] +++ exited with 0 +++ [pid 5860] +++ exited with 0 +++ [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 96.273829][ T1112] kworker/u8:5: attempt to access beyond end of device [ 96.273829][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 96.287742][ T1112] metapage_write_end_io: I/O error umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x5555562da690) = 5862 [pid 5862] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5862] chdir("./10") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5862] write(1, "executing program\n", 18) = 18 [pid 5862] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5862] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5863 attached [pid 5863] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5862] <... clone3 resumed> => {parent_tid=[5863]}, 88) = 5863 [pid 5863] <... rseq resumed>) = 0 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] set_robust_list(0x7f30bb7649a0, 24 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... futex resumed>) = 0 [pid 5862] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5863] memfd_create("syzkaller", 0) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5863] munmap(0x7f30b3200000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5863] close(3) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./file1", 0777) = 0 [pid 5863] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5863] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5863] chdir("./file1") = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5863] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5863] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5862] <... futex resumed>) = 0 [pid 5863] mkdirat(AT_FDCWD, "./bus", 000 [ 96.903188][ T5863] loop0: detected capacity change from 0 to 32768 [pid 5862] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5862] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5862] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [ 96.960113][ T5863] syz-executor188: attempt to access beyond end of device [ 96.960113][ T5863] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 96.974560][ T5863] metapage_write_end_io: I/O error [ 96.979747][ T5863] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 96.979747][ T5863] [ 96.991248][ T5863] ERROR: (device loop0): remounting filesystem as read-only [ 96.998627][ T5863] ERROR: (device loop0): diWrite: ixpxd invalid [ 96.998627][ T5863] [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5862] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] <... rseq resumed>) = 0 [pid 5863] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] set_robust_list(0x7f30bb7439a0, 24 [pid 5863] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] <... futex resumed>) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5862] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] mkdir(".", 0777 [pid 5862] <... futex resumed>) = 1 [pid 5864] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5862] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5864] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5862] <... futex resumed>) = 0 [pid 5862] exit_group(0 [pid 5863] <... futex resumed>) = ? [pid 5862] <... exit_group resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 97.008819][ T5863] ERROR: (device loop0): txCommit: [ 97.008819][ T5863] [ 97.017572][ T5863] blkno = 8f7c0, nblocks = 1 [ 97.022420][ T5863] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 97.022420][ T5863] [ 97.033267][ T5863] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 97.033267][ T5863] [ 97.042790][ T5863] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.131261][ T12] kworker/u8:0: attempt to access beyond end of device [ 97.131261][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 97.145175][ T12] metapage_write_end_io: I/O error umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached , child_tidptr=0x5555562da690) = 5865 [pid 5865] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5865] chdir("./11") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5865] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5865] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5866 attached [pid 5866] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5866] set_robust_list(0x7f30bb7649a0, 24 [pid 5865] <... clone3 resumed> => {parent_tid=[5866]}, 88) = 5866 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] memfd_create("syzkaller", 0 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5866] <... memfd_create resumed>) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5866] munmap(0x7f30b3200000, 138412032) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] mkdir("./file1", 0777) = 0 [pid 5866] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5866] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./file1") = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.792057][ T5866] loop0: detected capacity change from 0 to 32768 [pid 5866] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5866] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5866] mkdirat(AT_FDCWD, "./bus", 000 [ 97.856711][ T5866] metapage_write_end_io: I/O error [ 97.866009][ T5866] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 97.866009][ T5866] [ 97.877180][ T5866] ERROR: (device loop0): remounting filesystem as read-only [ 97.885449][ T5866] ERROR: (device loop0): diWrite: ixpxd invalid [ 97.885449][ T5866] [ 97.894784][ T5866] ERROR: (device loop0): txCommit: [ 97.894784][ T5866] [pid 5865] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5865] <... futex resumed>) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5865] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5866] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... mprotect resumed>) = 0 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5865] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] mkdir(".", 0777) = -1 EEXIST (File exists) [ 97.903377][ T5866] blkno = 8f7c0, nblocks = 1 [ 97.907991][ T5866] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 97.907991][ T5866] [ 97.919103][ T5866] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 97.919103][ T5866] [ 97.928417][ T5866] ialloc: diAlloc returned -5! [pid 5867] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5867] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5865] exit_group(0 [pid 5866] <... futex resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5865] <... exit_group resumed>) = ? [pid 5867] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 98.081239][ T59] metapage_write_end_io: I/O error close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x5555562da690) = 5868 [pid 5868] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5868] chdir("./12") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] write(1, "executing program\n", 18executing program ) = 18 [pid 5868] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5868] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5869 attached => {parent_tid=[5869]}, 88) = 5869 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... rseq resumed>) = 0 [pid 5869] set_robust_list(0x7f30bb7649a0, 24 [pid 5868] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... set_robust_list resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5869] munmap(0x7f30b3200000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./file1", 0777) = 0 [ 98.500109][ T5869] loop0: detected capacity change from 0 to 32768 [pid 5869] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./file1") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5868] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 1 [pid 5869] mkdirat(AT_FDCWD, "./bus", 000 [ 98.593825][ T5869] bio_check_eod: 2 callbacks suppressed [ 98.593845][ T5869] syz-executor188: attempt to access beyond end of device [ 98.593845][ T5869] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 98.613772][ T5869] metapage_write_end_io: I/O error [ 98.618967][ T5869] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 98.618967][ T5869] [ 98.629711][ T5869] ERROR: (device loop0): remounting filesystem as read-only [ 98.637153][ T5869] ERROR: (device loop0): diWrite: ixpxd invalid [pid 5868] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5868] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5868] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5870 attached => {parent_tid=[5870]}, 88) = 5870 [pid 5870] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] set_robust_list(0x7f30bb7439a0, 24 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5868] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5870] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5868] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5869] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5870] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... futex resumed>) = 1 [pid 5869] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... futex resumed>) = 0 [pid 5870] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] exit_group(0 [pid 5870] <... futex resumed>) = ? [pid 5870] +++ exited with 0 +++ [pid 5869] <... futex resumed>) = ? [pid 5868] <... exit_group resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 98.637153][ T5869] [ 98.645695][ T5869] ERROR: (device loop0): txCommit: [ 98.645695][ T5869] [ 98.654235][ T5869] blkno = 8f7c0, nblocks = 1 [ 98.658852][ T5869] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 98.658852][ T5869] [ 98.669488][ T5869] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 98.669488][ T5869] [ 98.678770][ T5869] ialloc: diAlloc returned -5! umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 98.772749][ T12] kworker/u8:0: attempt to access beyond end of device [ 98.772749][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 98.786682][ T12] metapage_write_end_io: I/O error umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x5555562da690) = 5871 [pid 5871] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5871] chdir("./13") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5871] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5872 attached [pid 5872] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5871] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 [pid 5872] set_robust_list(0x7f30bb7649a0, 24 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... set_robust_list resumed>) = 0 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7f30b3200000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./file1", 0777) = 0 [pid 5872] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5872] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./file1") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 99.432599][ T5872] loop0: detected capacity change from 0 to 32768 [pid 5872] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5872] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = 0 [pid 5872] mkdirat(AT_FDCWD, "./bus", 000 [ 99.504557][ T5872] syz-executor188: attempt to access beyond end of device [ 99.504557][ T5872] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 99.518733][ T5872] metapage_write_end_io: I/O error [ 99.525461][ T5872] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 99.525461][ T5872] [ 99.536195][ T5872] ERROR: (device loop0): remounting filesystem as read-only [ 99.543579][ T5872] ERROR: (device loop0): diWrite: ixpxd invalid [ 99.543579][ T5872] [pid 5871] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5871] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5873] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5873] mkdir(".", 0777 [pid 5871] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5873] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5873] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5873] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5872] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] exit_group(0 [pid 5873] <... futex resumed>) = ? [pid 5872] <... futex resumed>) = ? [pid 5871] <... exit_group resumed>) = ? [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [ 99.552373][ T5872] ERROR: (device loop0): txCommit: [ 99.552373][ T5872] [ 99.560665][ T5872] blkno = 8f7c0, nblocks = 1 [ 99.565290][ T5872] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 99.565290][ T5872] [ 99.575744][ T5872] ERROR: (device loop0): remounting filesystem as read-only [ 99.584135][ T5872] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 99.584135][ T5872] [ 99.593389][ T5872] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 99.705236][ T5824] syz-executor188: attempt to access beyond end of device [ 99.705236][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 99.719604][ T5824] metapage_write_end_io: I/O error umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached [pid 5874] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5874 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5874] chdir("./14") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5874] write(1, "executing program\n", 18) = 18 [pid 5874] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5874] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5875 attached [pid 5875] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5874] <... clone3 resumed> => {parent_tid=[5875]}, 88) = 5875 [pid 5875] set_robust_list(0x7f30bb7649a0, 24 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] <... set_robust_list resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5874] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] memfd_create("syzkaller", 0 [pid 5874] <... futex resumed>) = 0 [pid 5874] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5875] <... memfd_create resumed>) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5875] munmap(0x7f30b3200000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./file1", 0777) = 0 [pid 5875] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file1") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] <... futex resumed>) = 0 [pid 5875] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 100.296369][ T5875] loop0: detected capacity change from 0 to 32768 [pid 5875] mkdirat(AT_FDCWD, "./bus", 000 [pid 5874] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 100.340732][ T5875] syz-executor188: attempt to access beyond end of device [ 100.340732][ T5875] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 100.356313][ T5875] metapage_write_end_io: I/O error [ 100.361864][ T5875] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 100.361864][ T5875] [ 100.373246][ T5875] ERROR: (device loop0): remounting filesystem as read-only [ 100.381202][ T5875] ERROR: (device loop0): diWrite: ixpxd invalid [ 100.381202][ T5875] [pid 5874] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5875] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5874] <... mmap resumed>) = 0x7f30bb723000 [pid 5875] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5875] <... futex resumed>) = 0 [pid 5874] <... mprotect resumed>) = 0 [pid 5875] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5874] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5876] <... rseq resumed>) = 0 [pid 5876] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] mkdir(".", 0777 [pid 5874] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5874] <... futex resumed>) = 0 [pid 5876] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5874] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5876] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5874] exit_group(0 [pid 5875] <... futex resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ [pid 5874] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [ 100.389710][ T5875] ERROR: (device loop0): txCommit: [ 100.389710][ T5875] [ 100.400928][ T5875] blkno = 8f7c0, nblocks = 1 [ 100.405553][ T5875] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 100.405553][ T5875] [ 100.416670][ T5875] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 100.416670][ T5875] [ 100.425917][ T5875] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 100.515516][ T59] kworker/u8:4: attempt to access beyond end of device [ 100.515516][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 100.529412][ T59] metapage_write_end_io: I/O error umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached , child_tidptr=0x5555562da690) = 5877 [pid 5877] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5877] chdir("./15") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18executing program ) = 18 [pid 5877] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5877] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5878 attached => {parent_tid=[5878]}, 88) = 5878 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] set_robust_list(0x7f30bb7649a0, 24 [pid 5877] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5877] <... futex resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5878] munmap(0x7f30b3200000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file1", 0777) = 0 [pid 5878] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./file1") = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5877] <... futex resumed>) = 0 [pid 5878] mkdirat(AT_FDCWD, "./bus", 000 [ 101.151075][ T5878] loop0: detected capacity change from 0 to 32768 [pid 5877] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 101.200966][ T5878] syz-executor188: attempt to access beyond end of device [ 101.200966][ T5878] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 101.217129][ T5878] metapage_write_end_io: I/O error [ 101.223838][ T5878] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 101.223838][ T5878] [ 101.234764][ T5878] ERROR: (device loop0): remounting filesystem as read-only [ 101.242164][ T5878] ERROR: (device loop0): diWrite: ixpxd invalid [ 101.242164][ T5878] [pid 5877] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5877] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5878] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5877] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5878] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... mprotect resumed>) = 0 [pid 5878] <... futex resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5879] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5877] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5877] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5879] mkdir(".", 0777 [pid 5877] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... mkdir resumed>) = -1 EEXIST (File exists) [ 101.250705][ T5878] ERROR: (device loop0): txCommit: [ 101.250705][ T5878] [ 101.259693][ T5878] blkno = 8f7c0, nblocks = 1 [ 101.264361][ T5878] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 101.264361][ T5878] [ 101.275691][ T5878] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 101.275691][ T5878] [ 101.285016][ T5878] ialloc: diAlloc returned -5! [pid 5879] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5879] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5877] exit_group(0 [pid 5879] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5877] <... exit_group resumed>) = ? [pid 5879] +++ exited with 0 +++ [pid 5878] <... futex resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 101.423917][ T12] kworker/u8:0: attempt to access beyond end of device [ 101.423917][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 101.437845][ T12] metapage_write_end_io: I/O error openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x5555562da690) = 5880 [pid 5880] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5880] chdir("./16") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5880] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5881 attached [pid 5881] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5880] <... clone3 resumed> => {parent_tid=[5881]}, 88) = 5881 [pid 5881] set_robust_list(0x7f30bb7649a0, 24 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] <... futex resumed>) = 0 [pid 5881] memfd_create("syzkaller", 0 [pid 5880] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5881] <... memfd_create resumed>) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5881] munmap(0x7f30b3200000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file1", 0777) = 0 [pid 5881] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file1") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] <... futex resumed>) = 1 [pid 5880] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 102.014895][ T5881] loop0: detected capacity change from 0 to 32768 [pid 5881] mkdirat(AT_FDCWD, "./bus", 000 [pid 5880] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5880] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 102.073080][ T5881] syz-executor188: attempt to access beyond end of device [ 102.073080][ T5881] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 102.087917][ T5881] metapage_write_end_io: I/O error [ 102.094384][ T5881] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 102.094384][ T5881] [ 102.105471][ T5881] ERROR: (device loop0): remounting filesystem as read-only [ 102.112945][ T5881] ERROR: (device loop0): diWrite: ixpxd invalid [ 102.112945][ T5881] [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5880] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5882 attached [pid 5882] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5882] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5881] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5881] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] <... futex resumed>) = 0 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5880] <... futex resumed>) = 1 [pid 5882] mkdir(".", 0777 [pid 5880] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5882] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5882] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5882] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] exit_group(0 [pid 5882] <... futex resumed>) = ? [pid 5881] <... futex resumed>) = ? [pid 5882] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ [pid 5880] <... exit_group resumed>) = ? [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 102.121430][ T5881] ERROR: (device loop0): txCommit: [ 102.121430][ T5881] [ 102.130035][ T5881] blkno = 8f7c0, nblocks = 1 [ 102.134860][ T5881] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 102.134860][ T5881] [ 102.146938][ T5881] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 102.146938][ T5881] [ 102.156605][ T5881] ialloc: diAlloc returned -5! umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 102.274661][ T1112] kworker/u8:5: attempt to access beyond end of device [ 102.274661][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 102.288561][ T1112] metapage_write_end_io: I/O error umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x5555562da690) = 5883 [pid 5883] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5883] chdir("./17") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5883] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5884 attached [pid 5884] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5883] <... clone3 resumed> => {parent_tid=[5884]}, 88) = 5884 [pid 5884] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] memfd_create("syzkaller", 0 [pid 5883] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5884] <... memfd_create resumed>) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5884] munmap(0x7f30b3200000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file1", 0777) = 0 [pid 5884] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file1") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5884] mkdirat(AT_FDCWD, "./bus", 000 [ 102.912422][ T5884] loop0: detected capacity change from 0 to 32768 [ 102.960453][ T5884] metapage_write_end_io: I/O error [ 102.965719][ T5884] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 102.965719][ T5884] [ 102.977198][ T5884] ERROR: (device loop0): remounting filesystem as read-only [ 102.985553][ T5884] ERROR: (device loop0): diWrite: ixpxd invalid [ 102.985553][ T5884] [ 102.994112][ T5884] ERROR: (device loop0): txCommit: [ 102.994112][ T5884] [ 103.002592][ T5884] blkno = 8f7c0, nblocks = 1 [pid 5883] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5883] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5883] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5884] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} => {parent_tid=[5885]}, 88) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] <... rseq resumed>) = 0 [pid 5883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] set_robust_list(0x7f30bb7439a0, 24 [pid 5883] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... set_robust_list resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5885] mkdir(".", 0777) = -1 EEXIST (File exists) [ 103.007210][ T5884] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 103.007210][ T5884] [ 103.017825][ T5884] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 103.017825][ T5884] [ 103.027217][ T5884] ialloc: diAlloc returned -5! [pid 5885] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5885] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5885] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0 [pid 5885] <... futex resumed>) = ? [pid 5884] <... futex resumed>) = ? [pid 5885] +++ exited with 0 +++ [pid 5884] +++ exited with 0 +++ [pid 5883] <... exit_group resumed>) = ? [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.169029][ T12] metapage_write_end_io: I/O error umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5886 attached , child_tidptr=0x5555562da690) = 5886 [pid 5886] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5886] chdir("./18") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5886] write(1, "executing program\n", 18) = 18 [pid 5886] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5886] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5887 attached [pid 5887] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] set_robust_list(0x7f30bb7649a0, 24 [pid 5886] <... clone3 resumed> => {parent_tid=[5887]}, 88) = 5887 [pid 5887] <... set_robust_list resumed>) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] memfd_create("syzkaller", 0 [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5887] <... memfd_create resumed>) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5887] munmap(0x7f30b3200000, 138412032) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./file1", 0777) = 0 [pid 5887] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file1") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5886] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5887] mkdirat(AT_FDCWD, "./bus", 000 [ 103.845374][ T5887] loop0: detected capacity change from 0 to 32768 [ 103.900875][ T5887] bio_check_eod: 2 callbacks suppressed [ 103.900894][ T5887] syz-executor188: attempt to access beyond end of device [ 103.900894][ T5887] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 103.922842][ T5887] metapage_write_end_io: I/O error [ 103.928289][ T5887] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 103.928289][ T5887] [ 103.939601][ T5887] ERROR: (device loop0): remounting filesystem as read-only [pid 5886] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5886] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5886] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5888 attached => {parent_tid=[5888]}, 88) = 5888 [pid 5888] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5886] <... futex resumed>) = 0 [pid 5888] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5886] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5887] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5888] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5887] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = 0 [pid 5888] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] exit_group(0 [pid 5888] <... futex resumed>) = ? [pid 5887] <... futex resumed>) = ? [pid 5888] +++ exited with 0 +++ [pid 5886] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [ 103.948026][ T5887] ERROR: (device loop0): diWrite: ixpxd invalid [ 103.948026][ T5887] [ 103.956571][ T5887] ERROR: (device loop0): txCommit: [ 103.956571][ T5887] [ 103.965259][ T5887] blkno = 8f7c0, nblocks = 1 [ 103.970205][ T5887] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 103.970205][ T5887] [ 103.981989][ T5887] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 103.981989][ T5887] [ 103.991477][ T5887] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.075358][ T12] kworker/u8:0: attempt to access beyond end of device [ 104.075358][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 104.089282][ T12] metapage_write_end_io: I/O error umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5889 attached , child_tidptr=0x5555562da690) = 5889 [pid 5889] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5889] chdir("./19") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] write(1, "executing program\n", 18executing program ) = 18 [pid 5889] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5889] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5889] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] set_robust_list(0x7f30bb7649a0, 24 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] <... set_robust_list resumed>) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5890] memfd_create("syzkaller", 0) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5890] munmap(0x7f30b3200000, 138412032) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] mkdir("./file1", 0777) = 0 [pid 5890] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5890] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./file1") = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5890] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5890] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] <... futex resumed>) = 0 [pid 5890] mkdirat(AT_FDCWD, "./bus", 000 [ 104.689507][ T5890] loop0: detected capacity change from 0 to 32768 [ 104.722537][ T5890] syz-executor188: attempt to access beyond end of device [ 104.722537][ T5890] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [pid 5889] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5889] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5889] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5891 attached => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rseq resumed>) = 0 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] set_robust_list(0x7f30bb7439a0, 24 [pid 5889] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5889] <... futex resumed>) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5891] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 104.736819][ T5890] metapage_write_end_io: I/O error [ 104.746517][ T5890] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 104.746517][ T5890] [ 104.757900][ T5890] ERROR: (device loop0): remounting filesystem as read-only [ 104.765580][ T5890] ERROR: (device loop0): diWrite: ixpxd invalid [ 104.765580][ T5890] [ 104.777985][ T5890] ERROR: (device loop0): txCommit: [ 104.777985][ T5890] [pid 5891] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5891] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5890] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] exit_group(0 [pid 5891] <... futex resumed>) = ? [pid 5890] <... futex resumed>) = ? [pid 5889] <... exit_group resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 104.792667][ T5890] blkno = 8f7c0, nblocks = 1 [ 104.797461][ T5890] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 104.797461][ T5890] [ 104.808015][ T5890] ERROR: (device loop0): remounting filesystem as read-only [ 104.816496][ T5890] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 104.816496][ T5890] [ 104.825886][ T5890] ialloc: diAlloc returned -5! umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.929642][ T5824] syz-executor188: attempt to access beyond end of device [ 104.929642][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 104.948074][ T5824] metapage_write_end_io: I/O error umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached , child_tidptr=0x5555562da690) = 5892 [pid 5892] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5892] chdir("./20") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5892] write(1, "executing program\n", 18) = 18 [pid 5892] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5892] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5893 attached [pid 5893] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5892] <... clone3 resumed> => {parent_tid=[5893]}, 88) = 5893 [pid 5893] <... rseq resumed>) = 0 [pid 5893] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] memfd_create("syzkaller", 0 [pid 5892] <... futex resumed>) = 0 [pid 5893] <... memfd_create resumed>) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5892] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] <... mmap resumed>) = 0x7f30b3200000 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5893] munmap(0x7f30b3200000, 138412032) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] close(4) = 0 [pid 5893] mkdir("./file1", 0777) = 0 [pid 5893] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 105.577513][ T5893] loop0: detected capacity change from 0 to 32768 [pid 5893] chdir("./file1") = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5893] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5893] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = 0 [pid 5893] mkdirat(AT_FDCWD, "./bus", 000 [pid 5892] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 105.648104][ T5893] syz-executor188: attempt to access beyond end of device [ 105.648104][ T5893] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 105.663751][ T5893] metapage_write_end_io: I/O error [ 105.668992][ T5893] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 105.668992][ T5893] [ 105.689901][ T5893] ERROR: (device loop0): remounting filesystem as read-only [pid 5892] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5892] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5894 attached => {parent_tid=[5894]}, 88) = 5894 [pid 5894] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] <... rseq resumed>) = 0 [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5892] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5892] <... futex resumed>) = 0 [pid 5894] mkdir(".", 0777 [pid 5892] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5893] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5894] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5894] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] exit_group(0 [pid 5894] <... futex resumed>) = ? [pid 5893] <... futex resumed>) = ? [pid 5892] <... exit_group resumed>) = ? [pid 5894] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 105.697297][ T5893] ERROR: (device loop0): diWrite: ixpxd invalid [ 105.697297][ T5893] [ 105.706063][ T5893] ERROR: (device loop0): txCommit: [ 105.706063][ T5893] [ 105.714796][ T5893] blkno = 8f7c0, nblocks = 1 [ 105.719459][ T5893] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 105.719459][ T5893] [ 105.730609][ T5893] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 105.730609][ T5893] [ 105.739804][ T5893] ialloc: diAlloc returned -5! umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 105.846808][ T1112] kworker/u8:5: attempt to access beyond end of device [ 105.846808][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 105.860762][ T1112] metapage_write_end_io: I/O error umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x5555562da690) = 5895 [pid 5895] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5895] chdir("./21") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5895] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5895] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5896] <... rseq resumed>) = 0 [pid 5896] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] memfd_create("syzkaller", 0 [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5896] <... memfd_create resumed>) = 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5896] munmap(0x7f30b3200000, 138412032) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5896] close(3) = 0 [pid 5896] close(4) = 0 [pid 5896] mkdir("./file1", 0777) = 0 [pid 5896] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5896] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5896] chdir("./file1") = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 106.493996][ T5896] loop0: detected capacity change from 0 to 32768 [ 106.550986][ T5896] syz-executor188: attempt to access beyond end of device [ 106.550986][ T5896] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 106.565968][ T5896] metapage_write_end_io: I/O error [ 106.571496][ T5896] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 106.571496][ T5896] [ 106.582512][ T5896] ERROR: (device loop0): remounting filesystem as read-only [ 106.589908][ T5896] ERROR: (device loop0): diWrite: ixpxd invalid [ 106.589908][ T5896] [pid 5896] mkdirat(AT_FDCWD, "./bus", 000 [pid 5895] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5895] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5895] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5896] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5896] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5896] <... futex resumed>) = 0 [pid 5896] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5897 attached [pid 5897] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5895] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] <... rseq resumed>) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] set_robust_list(0x7f30bb7439a0, 24 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5895] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... futex resumed>) = 0 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5897] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5897] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 106.598461][ T5896] ERROR: (device loop0): txCommit: [ 106.598461][ T5896] [ 106.608106][ T5896] blkno = 8f7c0, nblocks = 1 [ 106.612796][ T5896] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 106.612796][ T5896] [ 106.623991][ T5896] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 106.623991][ T5896] [ 106.633233][ T5896] ialloc: diAlloc returned -5! [pid 5897] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5897] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] exit_group(0 [pid 5897] <... futex resumed>) = ? [pid 5896] <... futex resumed>) = ? [pid 5895] <... exit_group resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 106.752809][ T1112] kworker/u8:5: attempt to access beyond end of device [ 106.752809][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 106.766691][ T1112] metapage_write_end_io: I/O error umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached , child_tidptr=0x5555562da690) = 5898 [pid 5898] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5898] chdir("./22") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5898] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5899 attached [pid 5899] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5898] <... clone3 resumed> => {parent_tid=[5899]}, 88) = 5899 [pid 5899] <... rseq resumed>) = 0 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] set_robust_list(0x7f30bb7649a0, 24 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... futex resumed>) = 0 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5899] munmap(0x7f30b3200000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./file1", 0777) = 0 [pid 5899] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5899] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file1") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.381036][ T5899] loop0: detected capacity change from 0 to 32768 [pid 5899] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5899] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] mkdirat(AT_FDCWD, "./bus", 000 [pid 5898] <... futex resumed>) = 0 [ 107.446917][ T5899] syz-executor188: attempt to access beyond end of device [ 107.446917][ T5899] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 107.461567][ T5899] metapage_write_end_io: I/O error [ 107.466729][ T5899] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 107.466729][ T5899] [ 107.477658][ T5899] ERROR: (device loop0): remounting filesystem as read-only [ 107.485047][ T5899] ERROR: (device loop0): diWrite: ixpxd invalid [ 107.485047][ T5899] [pid 5898] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5898] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5898] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5899] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5899] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5899] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5900 attached [pid 5900] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5898] <... clone3 resumed> => {parent_tid=[5900]}, 88) = 5900 [pid 5900] set_robust_list(0x7f30bb7439a0, 24 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] <... set_robust_list resumed>) = 0 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] mkdir(".", 0777 [pid 5898] <... futex resumed>) = 0 [pid 5900] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5898] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5900] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5900] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5900] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] exit_group(0 [pid 5900] <... futex resumed>) = ? [pid 5899] <... futex resumed>) = ? [pid 5898] <... exit_group resumed>) = ? [pid 5900] +++ exited with 0 +++ [pid 5899] +++ exited with 0 +++ [pid 5898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.493593][ T5899] ERROR: (device loop0): txCommit: [ 107.493593][ T5899] [ 107.501850][ T5899] blkno = 8f7c0, nblocks = 1 [ 107.506467][ T5899] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 107.506467][ T5899] [ 107.517582][ T5899] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 107.517582][ T5899] [ 107.527360][ T5899] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 107.637388][ T1112] kworker/u8:5: attempt to access beyond end of device [ 107.637388][ T1112] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 107.651320][ T1112] metapage_write_end_io: I/O error umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x5555562da690) = 5901 [pid 5901] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5901] chdir("./23") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] write(1, "executing program\n", 18executing program ) = 18 [pid 5901] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5901] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5902 attached [pid 5902] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5901] <... clone3 resumed> => {parent_tid=[5902]}, 88) = 5902 [pid 5902] set_robust_list(0x7f30bb7649a0, 24 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5901] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] memfd_create("syzkaller", 0 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] <... memfd_create resumed>) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5902] munmap(0x7f30b3200000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./file1", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5902] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file1") = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5902] mkdirat(AT_FDCWD, "./bus", 000 [ 108.323835][ T5902] loop0: detected capacity change from 0 to 32768 [ 108.371621][ T5902] metapage_write_end_io: I/O error [ 108.376917][ T5902] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 108.376917][ T5902] [ 108.388449][ T5902] ERROR: (device loop0): remounting filesystem as read-only [ 108.399328][ T5902] ERROR: (device loop0): diWrite: ixpxd invalid [ 108.399328][ T5902] [ 108.408762][ T5902] ERROR: (device loop0): txCommit: [ 108.408762][ T5902] [pid 5901] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5901] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5902] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5901] <... mmap resumed>) = 0x7f30bb723000 [pid 5902] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5902] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... mprotect resumed>) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5903] set_robust_list(0x7f30bb7439a0, 24 [pid 5901] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5901] <... futex resumed>) = 0 [pid 5903] mkdir(".", 0777 [pid 5901] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5903] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5903] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5903] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5902] <... futex resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5901] <... exit_group resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [ 108.418028][ T5902] blkno = 8f7c0, nblocks = 1 [ 108.422758][ T5902] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 108.422758][ T5902] [ 108.433483][ T5902] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 108.433483][ T5902] [ 108.443007][ T5902] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 108.576742][ T59] metapage_write_end_io: I/O error umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x5555562da690) = 5904 [pid 5904] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5904] chdir("./24") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5904] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5905 attached [pid 5905] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5905]}, 88) = 5905 [pid 5905] <... rseq resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5905] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 1 [pid 5904] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5905] munmap(0x7f30b3200000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./file1", 0777) = 0 [pid 5905] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5905] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file1") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] mkdirat(AT_FDCWD, "./bus", 000 [pid 5904] <... futex resumed>) = 0 [ 109.213139][ T5905] loop0: detected capacity change from 0 to 32768 [ 109.248632][ T5905] bio_check_eod: 2 callbacks suppressed [ 109.248655][ T5905] syz-executor188: attempt to access beyond end of device [pid 5904] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5904] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [ 109.248655][ T5905] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 109.268812][ T5905] metapage_write_end_io: I/O error [ 109.276594][ T5905] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 109.276594][ T5905] [ 109.287713][ T5905] ERROR: (device loop0): remounting filesystem as read-only [ 109.295172][ T5905] ERROR: (device loop0): diWrite: ixpxd invalid [ 109.295172][ T5905] [ 109.303666][ T5905] ERROR: (device loop0): txCommit: [ 109.303666][ T5905] [pid 5904] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5905] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5906] <... rseq resumed>) = 0 [pid 5904] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5905] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] set_robust_list(0x7f30bb7439a0, 24 [pid 5905] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] <... set_robust_list resumed>) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5906] mkdir(".", 0777 [pid 5904] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5906] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5906] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5906] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] exit_group(0 [pid 5906] <... futex resumed>) = ? [pid 5905] <... futex resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ [pid 5904] <... exit_group resumed>) = ? [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 109.313397][ T5905] blkno = 8f7c0, nblocks = 1 [ 109.318024][ T5905] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 109.318024][ T5905] [ 109.329313][ T5905] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 109.329313][ T5905] [ 109.338579][ T5905] ialloc: diAlloc returned -5! umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 109.464604][ T12] kworker/u8:0: attempt to access beyond end of device [ 109.464604][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 109.478494][ T12] metapage_write_end_io: I/O error umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x5555562da690) = 5907 [pid 5907] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5907] chdir("./25") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] write(1, "executing program\n", 18executing program ) = 18 [pid 5907] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5907] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5908 attached => {parent_tid=[5908]}, 88) = 5908 [pid 5908] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] <... rseq resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] set_robust_list(0x7f30bb7649a0, 24 [pid 5907] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... futex resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] memfd_create("syzkaller", 0) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5908] munmap(0x7f30b3200000, 138412032) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5908] close(3) = 0 [pid 5908] close(4) = 0 [pid 5908] mkdir("./file1", 0777) = 0 [pid 5908] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] chdir("./file1") = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 110.148179][ T5908] loop0: detected capacity change from 0 to 32768 [pid 5908] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] mkdirat(AT_FDCWD, "./bus", 000 [pid 5907] <... futex resumed>) = 0 [ 110.225580][ T5908] syz-executor188: attempt to access beyond end of device [ 110.225580][ T5908] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 110.239768][ T5908] metapage_write_end_io: I/O error [ 110.245160][ T5908] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 110.245160][ T5908] [ 110.256364][ T5908] ERROR: (device loop0): remounting filesystem as read-only [ 110.263889][ T5908] ERROR: (device loop0): diWrite: ixpxd invalid [ 110.263889][ T5908] [pid 5907] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5907] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5907] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5908] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5907] <... mprotect resumed>) = 0 [pid 5908] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5909 attached => {parent_tid=[5909]}, 88) = 5909 [pid 5909] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] <... rseq resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] set_robust_list(0x7f30bb7439a0, 24 [pid 5907] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5907] <... futex resumed>) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] mkdir(".", 0777) = -1 EEXIST (File exists) [ 110.272429][ T5908] ERROR: (device loop0): txCommit: [ 110.272429][ T5908] [ 110.280915][ T5908] blkno = 8f7c0, nblocks = 1 [ 110.285531][ T5908] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 110.285531][ T5908] [ 110.296835][ T5908] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 110.296835][ T5908] [ 110.306276][ T5908] ialloc: diAlloc returned -5! [pid 5909] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5909] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5909] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] exit_group(0 [pid 5909] <... futex resumed>) = ? [pid 5908] <... futex resumed>) = ? [pid 5907] <... exit_group resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 110.468499][ T3476] kworker/u8:9: attempt to access beyond end of device [ 110.468499][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 110.482457][ T3476] metapage_write_end_io: I/O error umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached , child_tidptr=0x5555562da690) = 5910 [pid 5910] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5910] chdir("./26") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5910] write(1, "executing program\n", 18) = 18 [pid 5910] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5910] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5911 attached => {parent_tid=[5911]}, 88) = 5911 [pid 5911] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rseq resumed>) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] set_robust_list(0x7f30bb7649a0, 24 [pid 5910] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... futex resumed>) = 0 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5911] munmap(0x7f30b3200000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./file1", 0777) = 0 [ 111.172852][ T5911] loop0: detected capacity change from 0 to 32768 [pid 5911] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5911] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file1") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5910] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] mkdirat(AT_FDCWD, "./bus", 000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5910] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 111.277912][ T5911] syz-executor188: attempt to access beyond end of device [ 111.277912][ T5911] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 111.292272][ T5911] metapage_write_end_io: I/O error [ 111.298120][ T5911] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 111.298120][ T5911] [ 111.310014][ T5911] ERROR: (device loop0): remounting filesystem as read-only [ 111.317646][ T5911] ERROR: (device loop0): diWrite: ixpxd invalid [ 111.317646][ T5911] [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5910] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5910] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] <... rseq resumed>) = 0 [pid 5912] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5910] <... futex resumed>) = 0 [pid 5912] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5910] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5912] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5910] <... futex resumed>) = 0 [pid 5912] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] exit_group(0 [pid 5912] <... futex resumed>) = ? [pid 5911] <... futex resumed>) = ? [pid 5910] <... exit_group resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 111.326329][ T5911] ERROR: (device loop0): txCommit: [ 111.326329][ T5911] [ 111.334640][ T5911] blkno = 8f7c0, nblocks = 1 [ 111.339363][ T5911] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 111.339363][ T5911] [ 111.350039][ T5911] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 111.350039][ T5911] [ 111.359193][ T5911] ERROR: (device loop0): remounting filesystem as read-only [ 111.366687][ T5911] ialloc: diAlloc returned -5! umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 111.479454][ T5824] syz-executor188: attempt to access beyond end of device [ 111.479454][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 111.493683][ T5824] metapage_write_end_io: I/O error newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x5555562da690) = 5913 [pid 5913] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5913] chdir("./27") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5913] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5914 attached => {parent_tid=[5914]}, 88) = 5914 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... rseq resumed>) = 0 [pid 5913] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] set_robust_list(0x7f30bb7649a0, 24 [pid 5913] <... futex resumed>) = 0 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5913] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5914] munmap(0x7f30b3200000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5914] mkdir("./file1", 0777) = 0 [ 112.119564][ T5914] loop0: detected capacity change from 0 to 32768 [pid 5914] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5914] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./file1") = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5914] mkdirat(AT_FDCWD, "./bus", 000 [ 112.222839][ T5914] syz-executor188: attempt to access beyond end of device [ 112.222839][ T5914] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 112.237398][ T5914] metapage_write_end_io: I/O error [ 112.242712][ T5914] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 112.242712][ T5914] [ 112.253459][ T5914] ERROR: (device loop0): remounting filesystem as read-only [ 112.260854][ T5914] ERROR: (device loop0): diWrite: ixpxd invalid [ 112.260854][ T5914] [pid 5913] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5913] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5913] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5914] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5913] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5914] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} [pid 5914] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5915 attached [pid 5913] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5915] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5915] set_robust_list(0x7f30bb7439a0, 24 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] <... set_robust_list resumed>) = 0 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] <... futex resumed>) = 0 [pid 5915] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5913] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5915] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5915] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] exit_group(0 [pid 5914] <... futex resumed>) = ? [pid 5914] +++ exited with 0 +++ [pid 5915] <... futex resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5913] <... exit_group resumed>) = ? [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 112.269309][ T5914] ERROR: (device loop0): txCommit: [ 112.269309][ T5914] [ 112.277709][ T5914] blkno = 8f7c0, nblocks = 1 [ 112.282409][ T5914] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 112.282409][ T5914] [ 112.293223][ T5914] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 112.293223][ T5914] [ 112.302498][ T5914] ialloc: diAlloc returned -5! umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 112.393616][ T59] kworker/u8:4: attempt to access beyond end of device [ 112.393616][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 112.407516][ T59] metapage_write_end_io: I/O error umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached , child_tidptr=0x5555562da690) = 5916 [pid 5916] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5916] chdir("./28") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5916] write(1, "executing program\n", 18) = 18 [pid 5916] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5916] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5917 attached [pid 5917] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5917] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5916] <... clone3 resumed> => {parent_tid=[5917]}, 88) = 5917 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5917] memfd_create("syzkaller", 0 [pid 5916] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] <... memfd_create resumed>) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5917] munmap(0x7f30b3200000, 138412032) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] close(4) = 0 [pid 5917] mkdir("./file1", 0777) = 0 [ 113.107179][ T5917] loop0: detected capacity change from 0 to 32768 [pid 5917] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5917] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file1") = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] mkdirat(AT_FDCWD, "./bus", 000 [pid 5916] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.202512][ T5917] syz-executor188: attempt to access beyond end of device [ 113.202512][ T5917] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 113.216832][ T5917] metapage_write_end_io: I/O error [ 113.222106][ T5917] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 113.222106][ T5917] [ 113.232875][ T5917] ERROR: (device loop0): remounting filesystem as read-only [ 113.240283][ T5917] ERROR: (device loop0): diWrite: ixpxd invalid [ 113.240283][ T5917] [pid 5916] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5916] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5916] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5918] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5916] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] mkdir(".", 0777 [pid 5916] <... futex resumed>) = 0 [pid 5918] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5916] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5918] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5918] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 1 [pid 5918] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5917] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... futex resumed>) = ? [pid 5916] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5917] +++ exited with 0 +++ [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 113.248739][ T5917] ERROR: (device loop0): txCommit: [ 113.248739][ T5917] [ 113.257134][ T5917] blkno = 8f7c0, nblocks = 1 [ 113.261801][ T5917] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 113.261801][ T5917] [ 113.272885][ T5917] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 113.272885][ T5917] [ 113.282101][ T5917] ERROR: (device loop0): remounting filesystem as read-only [ 113.289523][ T5917] ialloc: diAlloc returned -5! umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 113.398813][ T5824] syz-executor188: attempt to access beyond end of device [ 113.398813][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 113.413021][ T5824] metapage_write_end_io: I/O error umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x5555562da690) = 5919 [pid 5919] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5919] chdir("./29") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5919] write(1, "executing program\n", 18) = 18 [pid 5919] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5919] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5920 attached [pid 5920] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5920] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5919] <... clone3 resumed> => {parent_tid=[5920]}, 88) = 5920 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5919] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5920] memfd_create("syzkaller", 0) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5920] munmap(0x7f30b3200000, 138412032) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5920] close(3) = 0 [pid 5920] close(4) = 0 [pid 5920] mkdir("./file1", 0777) = 0 [pid 5920] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5920] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file1") = 0 [ 114.085510][ T5920] loop0: detected capacity change from 0 to 32768 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] mkdirat(AT_FDCWD, "./bus", 000 [pid 5919] <... futex resumed>) = 0 [ 114.165080][ T5920] metapage_write_end_io: I/O error [ 114.170523][ T5920] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 114.170523][ T5920] [ 114.181759][ T5920] ERROR: (device loop0): remounting filesystem as read-only [ 114.189113][ T5920] ERROR: (device loop0): diWrite: ixpxd invalid [ 114.189113][ T5920] [ 114.197615][ T5920] ERROR: (device loop0): txCommit: [ 114.197615][ T5920] [ 114.206377][ T5920] blkno = 8f7c0, nblocks = 1 [pid 5919] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5919] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5919] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5921 attached [pid 5921] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5919] <... clone3 resumed> => {parent_tid=[5921]}, 88) = 5921 [pid 5921] <... rseq resumed>) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] set_robust_list(0x7f30bb7439a0, 24 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5919] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... futex resumed>) = 0 [pid 5921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5921] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5920] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5921] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 0 [pid 5919] exit_group(0) = ? [pid 5921] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.211111][ T5920] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 114.211111][ T5920] [ 114.222996][ T5920] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 114.222996][ T5920] [ 114.232757][ T5920] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 114.336568][ T59] bio_check_eod: 1 callbacks suppressed [ 114.336581][ T59] kworker/u8:4: attempt to access beyond end of device [ 114.336581][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 114.356063][ T59] metapage_write_end_io: I/O error umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached , child_tidptr=0x5555562da690) = 5922 [pid 5922] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5922] chdir("./30") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5922] write(1, "executing program\n", 18) = 18 [pid 5922] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5922] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5922] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5923] <... rseq resumed>) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] set_robust_list(0x7f30bb7649a0, 24 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] <... set_robust_list resumed>) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] <... futex resumed>) = 0 [pid 5923] memfd_create("syzkaller", 0 [pid 5922] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] <... memfd_create resumed>) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5923] munmap(0x7f30b3200000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] close(4) = 0 [pid 5923] mkdir("./file1", 0777) = 0 [pid 5923] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5923] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file1") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] mkdirat(AT_FDCWD, "./bus", 000 [ 114.985526][ T5923] loop0: detected capacity change from 0 to 32768 [ 115.023953][ T5923] syz-executor188: attempt to access beyond end of device [pid 5922] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5922] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [ 115.023953][ T5923] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 115.041560][ T5923] metapage_write_end_io: I/O error [ 115.046810][ T5923] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 115.046810][ T5923] [ 115.058061][ T5923] ERROR: (device loop0): remounting filesystem as read-only [ 115.065490][ T5923] ERROR: (device loop0): diWrite: ixpxd invalid [ 115.065490][ T5923] [ 115.074209][ T5923] ERROR: (device loop0): txCommit: [ 115.074209][ T5923] [pid 5922] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5924 attached [pid 5924] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5922] <... clone3 resumed> => {parent_tid=[5924]}, 88) = 5924 [pid 5924] set_robust_list(0x7f30bb7439a0, 24 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] <... set_robust_list resumed>) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5924] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5924] <... futex resumed>) = 1 [pid 5923] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5924] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] <... futex resumed>) = 0 [pid 5922] exit_group(0 [pid 5923] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = ? [pid 5923] <... futex resumed>) = ? [pid 5922] <... exit_group resumed>) = ? [pid 5924] +++ exited with 0 +++ [pid 5923] +++ exited with 0 +++ [pid 5922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.083362][ T5923] blkno = 8f7c0, nblocks = 1 [ 115.088486][ T5923] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 115.088486][ T5923] [ 115.101061][ T5923] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 115.101061][ T5923] [ 115.110522][ T5923] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 115.201553][ T59] kworker/u8:4: attempt to access beyond end of device [ 115.201553][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 115.215457][ T59] metapage_write_end_io: I/O error newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached , child_tidptr=0x5555562da690) = 5925 [pid 5925] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5925] chdir("./31") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5925] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5926 attached [pid 5926] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5926] set_robust_list(0x7f30bb7649a0, 24 [pid 5925] <... clone3 resumed> => {parent_tid=[5926]}, 88) = 5926 [pid 5926] <... set_robust_list resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5926] memfd_create("syzkaller", 0 [pid 5925] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5926] <... memfd_create resumed>) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5926] munmap(0x7f30b3200000, 138412032) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./file1", 0777) = 0 [pid 5926] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 115.802758][ T5926] loop0: detected capacity change from 0 to 32768 [pid 5926] chdir("./file1") = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5926] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5926] mkdirat(AT_FDCWD, "./bus", 000 [pid 5925] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.885628][ T5926] syz-executor188: attempt to access beyond end of device [ 115.885628][ T5926] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 115.900046][ T5926] metapage_write_end_io: I/O error [ 115.905240][ T5926] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 115.905240][ T5926] [ 115.916456][ T5926] ERROR: (device loop0): remounting filesystem as read-only [ 115.923817][ T5926] ERROR: (device loop0): diWrite: ixpxd invalid [ 115.923817][ T5926] [pid 5925] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5925] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5925] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5927] set_robust_list(0x7f30bb7439a0, 24 [pid 5925] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] mkdir(".", 0777 [pid 5925] <... futex resumed>) = 0 [pid 5927] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5925] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5927] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... futex resumed>) = 0 [pid 5926] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5926] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] exit_group(0 [pid 5927] <... futex resumed>) = ? [pid 5926] <... futex resumed>) = ? [pid 5925] <... exit_group resumed>) = ? [pid 5927] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ [pid 5925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [ 115.932717][ T5926] ERROR: (device loop0): txCommit: [ 115.932717][ T5926] [ 115.941179][ T5926] blkno = 8f7c0, nblocks = 1 [ 115.945813][ T5926] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 115.945813][ T5926] [ 115.956474][ T5926] ERROR: (device loop0): remounting filesystem as read-only [ 115.964902][ T5926] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 115.964902][ T5926] [ 115.974149][ T5926] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 116.093496][ T5824] syz-executor188: attempt to access beyond end of device [ 116.093496][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 116.107717][ T5824] metapage_write_end_io: I/O error umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5928 attached , child_tidptr=0x5555562da690) = 5928 [pid 5928] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5928] chdir("./32") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5928] write(1, "executing program\n", 18) = 18 [pid 5928] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5928] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5929 attached => {parent_tid=[5929]}, 88) = 5929 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] <... rseq resumed>) = 0 [pid 5928] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] set_robust_list(0x7f30bb7649a0, 24 [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5929] <... set_robust_list resumed>) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5929] munmap(0x7f30b3200000, 138412032) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file1", 0777) = 0 [pid 5929] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file1") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5929] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 116.756201][ T5929] loop0: detected capacity change from 0 to 32768 [pid 5929] mkdirat(AT_FDCWD, "./bus", 000 [pid 5928] <... futex resumed>) = 0 [ 116.803754][ T5929] syz-executor188: attempt to access beyond end of device [ 116.803754][ T5929] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 116.818865][ T5929] metapage_write_end_io: I/O error [ 116.826752][ T5929] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 116.826752][ T5929] [ 116.838038][ T5929] ERROR: (device loop0): remounting filesystem as read-only [ 116.847986][ T5929] ERROR: (device loop0): diWrite: ixpxd invalid [pid 5928] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5928] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5928] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5929] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5928] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} [pid 5929] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5930 attached ) = 0 [pid 5930] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5930] set_robust_list(0x7f30bb7439a0, 24 [pid 5929] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] mkdir(".", 0777 [pid 5928] <... futex resumed>) = 0 [pid 5930] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5928] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 116.847986][ T5929] [ 116.857317][ T5929] ERROR: (device loop0): txCommit: [ 116.857317][ T5929] [ 116.865852][ T5929] blkno = 8f7c0, nblocks = 1 [ 116.871417][ T5929] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 116.871417][ T5929] [ 116.882422][ T5929] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 116.882422][ T5929] [ 116.891788][ T5929] ialloc: diAlloc returned -5! [pid 5930] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5930] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... futex resumed>) = 0 [pid 5928] exit_group(0 [pid 5929] <... futex resumed>) = ? [pid 5928] <... exit_group resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5929] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ [pid 5928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 117.049138][ T59] kworker/u8:4: attempt to access beyond end of device [ 117.049138][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 117.063055][ T59] metapage_write_end_io: I/O error umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached , child_tidptr=0x5555562da690) = 5931 [pid 5931] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5931] chdir("./33") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18executing program ) = 18 [pid 5931] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5931] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5931] <... clone3 resumed> => {parent_tid=[5932]}, 88) = 5932 [pid 5932] set_robust_list(0x7f30bb7649a0, 24 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] memfd_create("syzkaller", 0 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] <... memfd_create resumed>) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5932] munmap(0x7f30b3200000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file1", 0777) = 0 [pid 5932] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5932] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file1") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] <... futex resumed>) = 0 [ 117.709482][ T5932] loop0: detected capacity change from 0 to 32768 [pid 5931] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5932] mkdirat(AT_FDCWD, "./bus", 000 [ 117.770223][ T5932] syz-executor188: attempt to access beyond end of device [ 117.770223][ T5932] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 117.784865][ T5932] metapage_write_end_io: I/O error [ 117.790621][ T5932] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 117.790621][ T5932] [ 117.801469][ T5932] ERROR: (device loop0): remounting filesystem as read-only [ 117.808806][ T5932] ERROR: (device loop0): diWrite: ixpxd invalid [ 117.808806][ T5932] [pid 5931] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5931] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5931] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5932] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5931] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] <... rseq resumed>) = 0 [pid 5932] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5933] set_robust_list(0x7f30bb7439a0, 24 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5931] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] <... futex resumed>) = 0 [pid 5933] mkdir(".", 0777 [pid 5931] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5933] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5932] <... futex resumed>) = 0 [pid 5933] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... futex resumed>) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5933] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] exit_group(0 [pid 5932] <... futex resumed>) = ? [pid 5933] <... futex resumed>) = ? [pid 5931] <... exit_group resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ [ 117.817733][ T5932] ERROR: (device loop0): txCommit: [ 117.817733][ T5932] [ 117.826668][ T5932] blkno = 8f7c0, nblocks = 1 [ 117.831399][ T5932] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 117.831399][ T5932] [ 117.842446][ T5932] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 117.842446][ T5932] [ 117.852975][ T5932] ialloc: diAlloc returned -5! --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 117.967918][ T59] kworker/u8:4: attempt to access beyond end of device [ 117.967918][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 117.981936][ T59] metapage_write_end_io: I/O error newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached , child_tidptr=0x5555562da690) = 5935 [pid 5935] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5935] chdir("./34") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5935] write(1, "executing program\n", 18) = 18 [pid 5935] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5935] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5935] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] set_robust_list(0x7f30bb7649a0, 24 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] <... memfd_create resumed>) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5936] munmap(0x7f30b3200000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file1", 0777) = 0 [pid 5936] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5936] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file1") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5936] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] mkdirat(AT_FDCWD, "./bus", 000 [pid 5935] <... futex resumed>) = 0 [ 118.608339][ T5936] loop0: detected capacity change from 0 to 32768 [ 118.644753][ T5936] syz-executor188: attempt to access beyond end of device [pid 5935] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 118.644753][ T5936] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 118.659045][ T5936] metapage_write_end_io: I/O error [ 118.667386][ T5936] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 118.667386][ T5936] [ 118.678592][ T5936] ERROR: (device loop0): remounting filesystem as read-only [ 118.686229][ T5936] ERROR: (device loop0): diWrite: ixpxd invalid [ 118.686229][ T5936] [ 118.694745][ T5936] ERROR: (device loop0): txCommit: [ 118.694745][ T5936] [ 118.703414][ T5936] blkno = 8f7c0, nblocks = 1 [pid 5935] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5935] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5937 attached [pid 5937] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5937] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5935] <... clone3 resumed> => {parent_tid=[5937]}, 88) = 5937 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] <... futex resumed>) = 0 [pid 5937] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5935] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5937] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5937] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5936] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0 [pid 5937] <... futex resumed>) = ? [pid 5936] <... futex resumed>) = ? [pid 5935] <... exit_group resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.708043][ T5936] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 118.708043][ T5936] [ 118.719202][ T5936] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 118.719202][ T5936] [ 118.728635][ T5936] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.822885][ T59] metapage_write_end_io: I/O error openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached , child_tidptr=0x5555562da690) = 5938 [pid 5938] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5938] chdir("./35") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] write(1, "executing program\n", 18executing program ) = 18 [pid 5938] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5938] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5939] set_robust_list(0x7f30bb7649a0, 24 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] memfd_create("syzkaller", 0 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] <... memfd_create resumed>) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5939] munmap(0x7f30b3200000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./file1", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5939] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file1") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] mkdirat(AT_FDCWD, "./bus", 000 [pid 5938] <... futex resumed>) = 0 [ 119.471500][ T5939] loop0: detected capacity change from 0 to 32768 [ 119.528053][ T5939] bio_check_eod: 1 callbacks suppressed [ 119.528070][ T5939] syz-executor188: attempt to access beyond end of device [ 119.528070][ T5939] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 119.549007][ T5939] metapage_write_end_io: I/O error [ 119.554316][ T5939] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 119.554316][ T5939] [ 119.565791][ T5939] ERROR: (device loop0): remounting filesystem as read-only [pid 5938] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5938] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5938] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5940 attached [pid 5940] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5938] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5938] <... futex resumed>) = 0 [pid 5938] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5940] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5940] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [ 119.573363][ T5939] ERROR: (device loop0): diWrite: ixpxd invalid [ 119.573363][ T5939] [ 119.581967][ T5939] ERROR: (device loop0): txCommit: [ 119.581967][ T5939] [ 119.590506][ T5939] blkno = 8f7c0, nblocks = 1 [ 119.595177][ T5939] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 119.595177][ T5939] [ 119.605703][ T5939] ERROR: (device loop0): remounting filesystem as read-only [ 119.615020][ T5939] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 119.615020][ T5939] [pid 5940] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5939] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] exit_group(0 [pid 5940] <... futex resumed>) = ? [pid 5939] <... futex resumed>) = ? [pid 5938] <... exit_group resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5939] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- [ 119.624770][ T5939] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 119.747964][ T5824] syz-executor188: attempt to access beyond end of device [ 119.747964][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 119.762325][ T5824] metapage_write_end_io: I/O error umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x5555562da690) = 5941 [pid 5941] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5941] chdir("./36") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5941] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] <... clone3 resumed> => {parent_tid=[5942]}, 88) = 5942 [pid 5942] set_robust_list(0x7f30bb7649a0, 24 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... set_robust_list resumed>) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] memfd_create("syzkaller", 0 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] <... memfd_create resumed>) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5942] munmap(0x7f30b3200000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./file1", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file1") = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 120.428893][ T5942] loop0: detected capacity change from 0 to 32768 [pid 5942] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] mkdirat(AT_FDCWD, "./bus", 000 [pid 5941] <... futex resumed>) = 0 [ 120.502919][ T5942] syz-executor188: attempt to access beyond end of device [ 120.502919][ T5942] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 120.517412][ T5942] metapage_write_end_io: I/O error [ 120.522831][ T5942] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 120.522831][ T5942] [ 120.533573][ T5942] ERROR: (device loop0): remounting filesystem as read-only [ 120.540948][ T5942] ERROR: (device loop0): diWrite: ixpxd invalid [ 120.540948][ T5942] [pid 5941] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5941] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 5942] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5942] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] <... mprotect resumed>) = 0 [pid 5942] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5943 attached => {parent_tid=[5943]}, 88) = 5943 [pid 5943] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] <... rseq resumed>) = 0 [pid 5943] set_robust_list(0x7f30bb7439a0, 24 [pid 5941] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5943] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5943] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 120.549385][ T5942] ERROR: (device loop0): txCommit: [ 120.549385][ T5942] [ 120.557783][ T5942] blkno = 8f7c0, nblocks = 1 [ 120.562476][ T5942] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 120.562476][ T5942] [ 120.573517][ T5942] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 120.573517][ T5942] [ 120.582974][ T5942] ialloc: diAlloc returned -5! [pid 5943] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 [pid 5941] exit_group(0 [pid 5943] <... futex resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5942] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 120.732850][ T3476] kworker/u8:9: attempt to access beyond end of device [ 120.732850][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 120.746799][ T3476] metapage_write_end_io: I/O error close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5945 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] chdir("./37") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5945] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5946] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5946] memfd_create("syzkaller", 0 [pid 5945] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] <... memfd_create resumed>) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5946] munmap(0x7f30b3200000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./file1", 0777) = 0 [pid 5946] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5946] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./file1") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5945] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] mkdirat(AT_FDCWD, "./bus", 000 [pid 5945] <... futex resumed>) = 0 [ 121.191118][ T5946] loop0: detected capacity change from 0 to 32768 [ 121.231502][ T5946] syz-executor188: attempt to access beyond end of device [ 121.231502][ T5946] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 121.245864][ T5946] metapage_write_end_io: I/O error [ 121.252330][ T5946] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 121.252330][ T5946] [ 121.263419][ T5946] ERROR: (device loop0): remounting filesystem as read-only [ 121.272339][ T5946] ERROR: (device loop0): diWrite: ixpxd invalid [ 121.272339][ T5946] [pid 5945] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5945] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5948 attached => {parent_tid=[5948]}, 88) = 5948 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5948] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5945] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... rseq resumed>) = 0 [pid 5948] set_robust_list(0x7f30bb7439a0, 24 [pid 5945] <... futex resumed>) = 0 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5948] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5946] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5948] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5945] <... futex resumed>) = 0 [pid 5948] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] exit_group(0 [pid 5948] <... futex resumed>) = ? [pid 5946] <... futex resumed>) = ? [pid 5945] <... exit_group resumed>) = ? [pid 5948] +++ exited with 0 +++ [pid 5946] +++ exited with 0 +++ [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 121.281371][ T5946] ERROR: (device loop0): txCommit: [ 121.281371][ T5946] [ 121.293728][ T5946] blkno = 8f7c0, nblocks = 1 [ 121.298352][ T5946] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 121.298352][ T5946] [ 121.310389][ T5946] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 121.310389][ T5946] [ 121.319596][ T5946] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 121.413784][ T12] kworker/u8:0: attempt to access beyond end of device [ 121.413784][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 121.427668][ T12] metapage_write_end_io: I/O error umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached , child_tidptr=0x5555562da690) = 5950 [pid 5950] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5950] chdir("./38") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5950] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5950] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] <... rseq resumed>) = 0 [pid 5951] set_robust_list(0x7f30bb7649a0, 24 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] <... set_robust_list resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] <... futex resumed>) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5950] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5951] <... memfd_create resumed>) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5951] munmap(0x7f30b3200000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./file1", 0777) = 0 [pid 5951] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 122.093789][ T5951] loop0: detected capacity change from 0 to 32768 [pid 5951] chdir("./file1") = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 1 [pid 5950] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] mkdirat(AT_FDCWD, "./bus", 000 [pid 5950] <... futex resumed>) = 0 [ 122.159702][ T5951] syz-executor188: attempt to access beyond end of device [ 122.159702][ T5951] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 122.174965][ T5951] metapage_write_end_io: I/O error [ 122.180222][ T5951] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 122.180222][ T5951] [ 122.191264][ T5951] ERROR: (device loop0): remounting filesystem as read-only [ 122.198633][ T5951] ERROR: (device loop0): diWrite: ixpxd invalid [ 122.198633][ T5951] [pid 5950] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5950] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5950] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5952 attached [pid 5952] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5952] set_robust_list(0x7f30bb7439a0, 24 [pid 5950] <... clone3 resumed> => {parent_tid=[5952]}, 88) = 5952 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] mkdir(".", 0777 [pid 5950] <... futex resumed>) = 0 [pid 5952] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5952] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 5950] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5952] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... futex resumed>) = 0 [pid 5951] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5951] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] exit_group(0 [pid 5952] <... futex resumed>) = ? [pid 5951] <... futex resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ [pid 5950] <... exit_group resumed>) = ? [pid 5950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.207628][ T5951] ERROR: (device loop0): txCommit: [ 122.207628][ T5951] [ 122.216245][ T5951] blkno = 8f7c0, nblocks = 1 [ 122.220962][ T5951] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 122.220962][ T5951] [ 122.233668][ T5951] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 122.233668][ T5951] [ 122.242952][ T5951] ERROR: (device loop0): remounting filesystem as read-only [ 122.250421][ T5951] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 122.352734][ T5824] syz-executor188: attempt to access beyond end of device [ 122.352734][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 122.366915][ T5824] metapage_write_end_io: I/O error umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached , child_tidptr=0x5555562da690) = 5953 [pid 5953] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5953] chdir("./39") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5953] write(1, "executing program\n", 18) = 18 [pid 5953] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5953] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5955 attached [pid 5955] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5955] set_robust_list(0x7f30bb7649a0, 24 [pid 5953] <... clone3 resumed> => {parent_tid=[5955]}, 88) = 5955 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5955] munmap(0x7f30b3200000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] close(4) = 0 [pid 5955] mkdir("./file1", 0777) = 0 [pid 5955] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5955] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file1") = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5955] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 123.060941][ T5955] loop0: detected capacity change from 0 to 32768 [pid 5953] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = 0 [pid 5955] mkdirat(AT_FDCWD, "./bus", 000 [pid 5953] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5953] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [ 123.122411][ T5955] syz-executor188: attempt to access beyond end of device [ 123.122411][ T5955] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 123.136640][ T5955] metapage_write_end_io: I/O error [ 123.144719][ T5955] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 123.144719][ T5955] [ 123.155743][ T5955] ERROR: (device loop0): remounting filesystem as read-only [ 123.163138][ T5955] ERROR: (device loop0): diWrite: ixpxd invalid [ 123.163138][ T5955] [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5956 attached [pid 5956] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5953] <... clone3 resumed> => {parent_tid=[5956]}, 88) = 5956 [pid 5956] <... rseq resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] set_robust_list(0x7f30bb7439a0, 24 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5953] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] <... futex resumed>) = 0 [pid 5956] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5953] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5956] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5956] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5956] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5955] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] exit_group(0) = ? [pid 5956] <... futex resumed>) = ? [pid 5955] <... futex resumed>) = ? [pid 5955] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [ 123.174002][ T5955] ERROR: (device loop0): txCommit: [ 123.174002][ T5955] [ 123.182421][ T5955] blkno = 8f7c0, nblocks = 1 [ 123.187065][ T5955] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 123.187065][ T5955] [ 123.197243][ T5955] ERROR: (device loop0): remounting filesystem as read-only [ 123.205460][ T5955] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 123.205460][ T5955] [ 123.214740][ T5955] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 123.335357][ T5824] syz-executor188: attempt to access beyond end of device [ 123.335357][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 123.349586][ T5824] metapage_write_end_io: I/O error umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5958 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5958] chdir("./40") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5958] write(1, "executing program\n", 18) = 18 [pid 5958] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5958] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5959 attached [pid 5959] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5958] <... clone3 resumed> => {parent_tid=[5959]}, 88) = 5959 [pid 5959] set_robust_list(0x7f30bb7649a0, 24 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] <... set_robust_list resumed>) = 0 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] memfd_create("syzkaller", 0 [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] <... memfd_create resumed>) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5959] munmap(0x7f30b3200000, 138412032) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5959] close(3) = 0 [pid 5959] close(4) = 0 [pid 5959] mkdir("./file1", 0777) = 0 [pid 5959] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5959] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5959] chdir("./file1") = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5959] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... futex resumed>) = 0 [pid 5958] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5958] <... futex resumed>) = 1 [ 124.035998][ T5959] loop0: detected capacity change from 0 to 32768 [ 124.071379][ T5959] metapage_write_end_io: I/O error [ 124.076646][ T5959] ERROR: (device loop0): release_metapage: metapage_write_one() failed [pid 5959] mkdirat(AT_FDCWD, "./bus", 000 [ 124.076646][ T5959] [ 124.092138][ T5959] ERROR: (device loop0): remounting filesystem as read-only [ 124.099502][ T5959] ERROR: (device loop0): diWrite: ixpxd invalid [ 124.099502][ T5959] [ 124.110347][ T5959] ERROR: (device loop0): txCommit: [ 124.110347][ T5959] [ 124.121272][ T5959] blkno = 8f7c0, nblocks = 1 [ 124.125945][ T5959] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 124.125945][ T5959] [pid 5958] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5959] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5958] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 0 [pid 5958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5959] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] <... mmap resumed>) = 0x7f30bb723000 [pid 5958] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5960 attached => {parent_tid=[5960]}, 88) = 5960 [pid 5960] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] <... rseq resumed>) = 0 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] set_robust_list(0x7f30bb7439a0, 24 [pid 5958] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5958] <... futex resumed>) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] mkdir(".", 0777) = -1 EEXIST (File exists) [ 124.137399][ T5959] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 124.137399][ T5959] [ 124.147080][ T5959] ialloc: diAlloc returned -5! [pid 5960] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5960] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] <... futex resumed>) = 0 [pid 5960] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5958] exit_group(0 [pid 5960] <... futex resumed>) = ? [pid 5959] <... futex resumed>) = ? [pid 5958] <... exit_group resumed>) = ? [pid 5960] +++ exited with 0 +++ [pid 5959] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 124.286699][ T3476] metapage_write_end_io: I/O error umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5961 attached , child_tidptr=0x5555562da690) = 5961 [pid 5961] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5961] chdir("./41") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5961] write(1, "executing program\n", 18) = 18 [pid 5961] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5961] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5962 attached => {parent_tid=[5962]}, 88) = 5962 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5961] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... rseq resumed>) = 0 [pid 5961] <... futex resumed>) = 0 [pid 5962] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 5961] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5962] munmap(0x7f30b3200000, 138412032) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./file1", 0777) = 0 [pid 5962] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5962] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file1") = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5962] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5962] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5961] <... futex resumed>) = 0 [pid 5962] mkdirat(AT_FDCWD, "./bus", 000 [ 124.970217][ T5962] loop0: detected capacity change from 0 to 32768 [ 125.026278][ T5962] bio_check_eod: 2 callbacks suppressed [ 125.026297][ T5962] syz-executor188: attempt to access beyond end of device [ 125.026297][ T5962] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 125.047539][ T5962] metapage_write_end_io: I/O error [ 125.053575][ T5962] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 125.053575][ T5962] [ 125.064505][ T5962] ERROR: (device loop0): remounting filesystem as read-only [pid 5961] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5961] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5961] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5961] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] <... rseq resumed>) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] <... futex resumed>) = 0 [pid 5963] mkdir(".", 0777 [pid 5961] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5963] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5963] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5963] <... futex resumed>) = 1 [pid 5962] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5963] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] exit_group(0 [pid 5963] <... futex resumed>) = ? [pid 5962] <... futex resumed>) = ? [pid 5961] <... exit_group resumed>) = ? [pid 5962] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.071918][ T5962] ERROR: (device loop0): diWrite: ixpxd invalid [ 125.071918][ T5962] [ 125.080527][ T5962] ERROR: (device loop0): txCommit: [ 125.080527][ T5962] [ 125.088767][ T5962] blkno = 8f7c0, nblocks = 1 [ 125.093476][ T5962] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 125.093476][ T5962] [ 125.104071][ T5962] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 125.104071][ T5962] [ 125.113581][ T5962] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.213799][ T12] kworker/u8:0: attempt to access beyond end of device [ 125.213799][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 125.227705][ T12] metapage_write_end_io: I/O error openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x5555562da690) = 5964 [pid 5964] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5964] chdir("./42") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] write(1, "executing program\n", 18executing program ) = 18 [pid 5964] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5964] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5964] <... clone3 resumed> => {parent_tid=[5965]}, 88) = 5965 [pid 5965] set_robust_list(0x7f30bb7649a0, 24 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] <... set_robust_list resumed>) = 0 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] memfd_create("syzkaller", 0 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] <... memfd_create resumed>) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5965] munmap(0x7f30b3200000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file1", 0777) = 0 [pid 5965] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file1") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5965] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 125.852063][ T5965] loop0: detected capacity change from 0 to 32768 [ 125.913118][ T5965] syz-executor188: attempt to access beyond end of device [ 125.913118][ T5965] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 125.927521][ T5965] metapage_write_end_io: I/O error [ 125.932960][ T5965] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 125.932960][ T5965] [ 125.943716][ T5965] ERROR: (device loop0): remounting filesystem as read-only [ 125.951240][ T5965] ERROR: (device loop0): diWrite: ixpxd invalid [ 125.951240][ T5965] [pid 5965] mkdirat(AT_FDCWD, "./bus", 000 [pid 5964] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5964] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5964] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5966 attached => {parent_tid=[5966]}, 88) = 5966 [pid 5966] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] set_robust_list(0x7f30bb7439a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] <... set_robust_list resumed>) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5966] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5966] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5966] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... futex resumed>) = 0 [pid 5965] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5965] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] exit_group(0 [pid 5966] <... futex resumed>) = ? [pid 5964] <... exit_group resumed>) = ? [pid 5965] <... futex resumed>) = ? [pid 5966] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.959698][ T5965] ERROR: (device loop0): txCommit: [ 125.959698][ T5965] [ 125.968535][ T5965] blkno = 8f7c0, nblocks = 1 [ 125.973256][ T5965] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 125.973256][ T5965] [ 125.986728][ T5965] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 125.986728][ T5965] [ 125.996314][ T5965] ERROR: (device loop0): remounting filesystem as read-only [ 126.004246][ T5965] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 126.099167][ T5824] syz-executor188: attempt to access beyond end of device [ 126.099167][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 126.113827][ T5824] metapage_write_end_io: I/O error umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached , child_tidptr=0x5555562da690) = 5967 [pid 5967] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5967] chdir("./43") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5967] write(1, "executing program\n", 18) = 18 [pid 5967] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5967] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5968 attached [pid 5968] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5967] <... clone3 resumed> => {parent_tid=[5968]}, 88) = 5968 [pid 5968] set_robust_list(0x7f30bb7649a0, 24 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] <... futex resumed>) = 0 [pid 5968] memfd_create("syzkaller", 0 [pid 5967] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5968] <... memfd_create resumed>) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5968] munmap(0x7f30b3200000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./file1", 0777) = 0 [pid 5968] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5968] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./file1") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5968] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5968] mkdirat(AT_FDCWD, "./bus", 000 [ 126.770807][ T5968] loop0: detected capacity change from 0 to 32768 [ 126.796578][ T5968] syz-executor188: attempt to access beyond end of device [ 126.796578][ T5968] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 126.810983][ T5968] metapage_write_end_io: I/O error [ 126.816243][ T5968] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 126.816243][ T5968] [ 126.828128][ T5968] ERROR: (device loop0): remounting filesystem as read-only [ 126.836545][ T5968] ERROR: (device loop0): diWrite: ixpxd invalid [ 126.836545][ T5968] [ 126.845488][ T5968] ERROR: (device loop0): txCommit: [ 126.845488][ T5968] [ 126.855455][ T5968] blkno = 8f7c0, nblocks = 1 [ 126.860427][ T5968] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 126.860427][ T5968] [pid 5967] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5967] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... mmap resumed>) = 0x7f30bb723000 [pid 5967] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5969] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... clone3 resumed> => {parent_tid=[5969]}, 88) = 5969 [pid 5969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5967] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5969] mkdir(".", 0777) = -1 EEXIST (File exists) [ 126.871941][ T5968] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 126.871941][ T5968] [ 126.881522][ T5968] ialloc: diAlloc returned -5! [pid 5969] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5969] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5967] exit_group(0 [pid 5969] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5968] <... futex resumed>) = ? [pid 5967] <... exit_group resumed>) = ? [pid 5969] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ [pid 5967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.022002][ T3476] kworker/u8:9: attempt to access beyond end of device [ 127.022002][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 127.035923][ T3476] metapage_write_end_io: I/O error openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5970 attached , child_tidptr=0x5555562da690) = 5970 [pid 5970] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5970] chdir("./44") = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] setpgid(0, 0) = 0 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5970] close(3) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5970] write(1, "executing program\n", 18) = 18 [pid 5970] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5970] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5971 attached [pid 5971] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5971] set_robust_list(0x7f30bb7649a0, 24 [pid 5970] <... clone3 resumed> => {parent_tid=[5971]}, 88) = 5971 [pid 5971] <... set_robust_list resumed>) = 0 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] memfd_create("syzkaller", 0 [pid 5970] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5971] <... memfd_create resumed>) = 3 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5971] munmap(0x7f30b3200000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] close(4) = 0 [pid 5971] mkdir("./file1", 0777) = 0 [pid 5971] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5971] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./file1") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5971] mkdirat(AT_FDCWD, "./bus", 000 [pid 5970] <... futex resumed>) = 0 [ 127.678507][ T5971] loop0: detected capacity change from 0 to 32768 [ 127.714313][ T5971] syz-executor188: attempt to access beyond end of device [ 127.714313][ T5971] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [pid 5970] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5970] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 127.729132][ T5971] metapage_write_end_io: I/O error [ 127.734864][ T5971] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 127.734864][ T5971] [ 127.746777][ T5971] ERROR: (device loop0): remounting filesystem as read-only [ 127.755372][ T5971] ERROR: (device loop0): diWrite: ixpxd invalid [ 127.755372][ T5971] [ 127.764009][ T5971] ERROR: (device loop0): txCommit: [ 127.764009][ T5971] [ 127.774312][ T5971] blkno = 8f7c0, nblocks = 1 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5970] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5972 attached [pid 5972] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5970] <... clone3 resumed> => {parent_tid=[5972]}, 88) = 5972 [pid 5972] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5972] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] mkdir(".", 0777 [pid 5970] <... futex resumed>) = 0 [pid 5972] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5970] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5972] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5972] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] exit_group(0 [pid 5972] <... futex resumed>) = ? [pid 5971] <... futex resumed>) = ? [pid 5970] <... exit_group resumed>) = ? [pid 5972] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ [pid 5970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [ 127.779357][ T5971] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 127.779357][ T5971] [ 127.792399][ T5971] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 127.792399][ T5971] [ 127.802076][ T5971] ERROR: (device loop0): remounting filesystem as read-only [ 127.809497][ T5971] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 127.931572][ T5824] syz-executor188: attempt to access beyond end of device [ 127.931572][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 127.945895][ T5824] metapage_write_end_io: I/O error umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5973 attached , child_tidptr=0x5555562da690) = 5973 [pid 5973] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5973] chdir("./45") = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5973] write(1, "executing program\n", 18executing program ) = 18 [pid 5973] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5973] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5973] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5974 attached [pid 5974] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5973] <... clone3 resumed> => {parent_tid=[5974]}, 88) = 5974 [pid 5974] set_robust_list(0x7f30bb7649a0, 24 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], [pid 5974] <... set_robust_list resumed>) = 0 [pid 5973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5973] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] memfd_create("syzkaller", 0 [pid 5973] <... futex resumed>) = 0 [pid 5973] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5974] <... memfd_create resumed>) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5974] munmap(0x7f30b3200000, 138412032) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5974] close(3) = 0 [pid 5974] close(4) = 0 [pid 5974] mkdir("./file1", 0777) = 0 [pid 5974] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5974] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5974] chdir("./file1") = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5974] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] <... futex resumed>) = 0 [pid 5974] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5973] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] mkdirat(AT_FDCWD, "./bus", 000 [pid 5973] <... futex resumed>) = 0 [ 128.575246][ T5974] loop0: detected capacity change from 0 to 32768 [ 128.605366][ T5974] syz-executor188: attempt to access beyond end of device [ 128.605366][ T5974] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 128.620121][ T5974] metapage_write_end_io: I/O error [pid 5973] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5973] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5973] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [ 128.625517][ T5974] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 128.625517][ T5974] [ 128.637022][ T5974] ERROR: (device loop0): remounting filesystem as read-only [ 128.645952][ T5974] ERROR: (device loop0): diWrite: ixpxd invalid [ 128.645952][ T5974] [ 128.655667][ T5974] ERROR: (device loop0): txCommit: [ 128.655667][ T5974] [ 128.664436][ T5974] blkno = 8f7c0, nblocks = 1 [pid 5973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5973] <... clone3 resumed> => {parent_tid=[5975]}, 88) = 5975 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] set_robust_list(0x7f30bb7439a0, 24 [pid 5973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... set_robust_list resumed>) = 0 [pid 5973] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], [pid 5973] <... futex resumed>) = 0 [pid 5975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5973] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5975] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5975] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5974] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5974] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = 0 [pid 5973] <... futex resumed>) = 0 [pid 5975] <... futex resumed>) = 1 [pid 5973] exit_group(0) = ? [pid 5975] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ [pid 5973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 128.669493][ T5974] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 128.669493][ T5974] [ 128.680708][ T5974] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 128.680708][ T5974] [ 128.690490][ T5974] ialloc: diAlloc returned -5! umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 128.805454][ T59] kworker/u8:4: attempt to access beyond end of device [ 128.805454][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 128.819402][ T59] metapage_write_end_io: I/O error close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached , child_tidptr=0x5555562da690) = 5976 [pid 5976] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5976] chdir("./46") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] write(1, "executing program\n", 18executing program ) = 18 [pid 5976] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5976] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5977 attached => {parent_tid=[5977]}, 88) = 5977 [pid 5977] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5977] <... rseq resumed>) = 0 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5977] set_robust_list(0x7f30bb7649a0, 24 [pid 5976] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5976] <... futex resumed>) = 0 [pid 5976] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5977] munmap(0x7f30b3200000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file1", 0777) = 0 [pid 5977] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file1") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5977] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5976] <... futex resumed>) = 0 [pid 5977] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5976] <... futex resumed>) = 0 [pid 5977] mkdirat(AT_FDCWD, "./bus", 000 [ 129.251219][ T5977] loop0: detected capacity change from 0 to 32768 [ 129.305028][ T5977] metapage_write_end_io: I/O error [ 129.312698][ T5977] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 129.312698][ T5977] [ 129.324074][ T5977] ERROR: (device loop0): remounting filesystem as read-only [ 129.331502][ T5977] ERROR: (device loop0): diWrite: ixpxd invalid [ 129.331502][ T5977] [ 129.340797][ T5977] ERROR: (device loop0): txCommit: [ 129.340797][ T5977] [ 129.349007][ T5977] blkno = 8f7c0, nblocks = 1 [pid 5976] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5976] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5976] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5978] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5976] <... clone3 resumed> => {parent_tid=[5978]}, 88) = 5978 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5976] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5976] <... futex resumed>) = 0 [pid 5978] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5978] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 0 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5977] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] exit_group(0 [pid 5978] <... futex resumed>) = ? [pid 5977] <... futex resumed>) = ? [pid 5976] <... exit_group resumed>) = ? [pid 5978] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 129.355272][ T5977] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 129.355272][ T5977] [ 129.367839][ T5977] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 129.367839][ T5977] [ 129.377162][ T5977] ERROR: (device loop0): remounting filesystem as read-only [ 129.384883][ T5977] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 129.496508][ T5824] metapage_write_end_io: I/O error umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5979 [pid 5979] <... set_robust_list resumed>) = 0 [pid 5979] chdir("./47") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5979] write(1, "executing program\n", 18executing program ) = 18 [pid 5979] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5979] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5979] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5979] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5980 attached [pid 5980] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5980] set_robust_list(0x7f30bb7649a0, 24 [pid 5979] <... clone3 resumed> => {parent_tid=[5980]}, 88) = 5980 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], [pid 5980] rt_sigprocmask(SIG_SETMASK, [], [pid 5979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5979] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] memfd_create("syzkaller", 0 [pid 5979] <... futex resumed>) = 0 [pid 5980] <... memfd_create resumed>) = 3 [pid 5979] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5980] munmap(0x7f30b3200000, 138412032) = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5980] close(3) = 0 [pid 5980] close(4) = 0 [pid 5980] mkdir("./file1", 0777) = 0 [pid 5980] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5980] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5980] chdir("./file1") = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 130.129409][ T5980] loop0: detected capacity change from 0 to 32768 [pid 5980] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5980] mkdirat(AT_FDCWD, "./bus", 000 [pid 5979] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.195678][ T5980] bio_check_eod: 2 callbacks suppressed [ 130.195697][ T5980] syz-executor188: attempt to access beyond end of device [ 130.195697][ T5980] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 130.217163][ T5980] metapage_write_end_io: I/O error [ 130.222670][ T5980] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 130.222670][ T5980] [ 130.233505][ T5980] ERROR: (device loop0): remounting filesystem as read-only [pid 5979] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5979] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5979] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5979] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5979] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5981 attached => {parent_tid=[5981]}, 88) = 5981 [pid 5981] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] <... rseq resumed>) = 0 [pid 5979] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] set_robust_list(0x7f30bb7439a0, 24 [pid 5979] <... futex resumed>) = 0 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5979] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5981] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5981] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5979] <... futex resumed>) = 0 [ 130.240860][ T5980] ERROR: (device loop0): diWrite: ixpxd invalid [ 130.240860][ T5980] [ 130.249279][ T5980] ERROR: (device loop0): txCommit: [ 130.249279][ T5980] [ 130.258537][ T5980] blkno = 8f7c0, nblocks = 1 [ 130.263208][ T5980] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 130.263208][ T5980] [ 130.274230][ T5980] ERROR: (device loop0): remounting filesystem as read-only [ 130.283455][ T5980] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 130.283455][ T5980] [pid 5981] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5980] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] exit_group(0 [pid 5981] <... futex resumed>) = ? [pid 5979] <... exit_group resumed>) = ? [pid 5981] +++ exited with 0 +++ [pid 5980] <... futex resumed>) = ? [pid 5980] +++ exited with 0 +++ [pid 5979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 130.292919][ T5980] ialloc: diAlloc returned -5! umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 130.402404][ T5824] syz-executor188: attempt to access beyond end of device [ 130.402404][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 130.416567][ T5824] metapage_write_end_io: I/O error umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5982 attached , child_tidptr=0x5555562da690) = 5982 [pid 5982] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5982] chdir("./48") = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5982] write(3, "1000", 4) = 4 [pid 5982] close(3) = 0 [pid 5982] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5982] write(1, "executing program\n", 18) = 18 [pid 5982] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5982] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5983 attached => {parent_tid=[5983]}, 88) = 5983 [pid 5983] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] set_robust_list(0x7f30bb7649a0, 24 [pid 5982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5982] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] memfd_create("syzkaller", 0 [pid 5982] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5983] <... memfd_create resumed>) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5983] munmap(0x7f30b3200000, 138412032) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5983] close(3) = 0 [pid 5983] close(4) = 0 [pid 5983] mkdir("./file1", 0777) = 0 [pid 5983] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5983] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5983] chdir("./file1") = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5983] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] <... futex resumed>) = 0 [pid 5983] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = 0 [pid 5983] mkdirat(AT_FDCWD, "./bus", 000 [ 131.056721][ T5983] loop0: detected capacity change from 0 to 32768 [ 131.091446][ T5983] syz-executor188: attempt to access beyond end of device [ 131.091446][ T5983] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [pid 5982] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5982] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5982] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} => {parent_tid=[5984]}, 88) = 5984 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5982] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5984 attached [pid 5982] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5984] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5984] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5984] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5984] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5984] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [ 131.106045][ T5983] metapage_write_end_io: I/O error [ 131.111442][ T5983] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 131.111442][ T5983] [ 131.124447][ T5983] ERROR: (device loop0): remounting filesystem as read-only [ 131.132495][ T5983] ERROR: (device loop0): diWrite: ixpxd invalid [ 131.132495][ T5983] [ 131.146480][ T5983] ERROR: (device loop0): remounting filesystem as read-only [pid 5984] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5983] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5982] exit_group(0 [pid 5984] <... futex resumed>) = ? [pid 5982] <... exit_group resumed>) = ? [pid 5984] +++ exited with 0 +++ [pid 5983] +++ exited with 0 +++ [pid 5982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 131.154745][ T5983] ERROR: (device loop0): txCommit: [ 131.154745][ T5983] [ 131.163615][ T5983] blkno = 8f7c0, nblocks = 1 [ 131.168823][ T5983] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 131.168823][ T5983] [ 131.180452][ T5983] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 131.180452][ T5983] [ 131.190370][ T5983] ialloc: diAlloc returned -5! getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 131.262624][ T5824] syz-executor188: attempt to access beyond end of device [ 131.262624][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 131.276841][ T5824] metapage_write_end_io: I/O error umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached [pid 5985] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5985 [pid 5985] <... set_robust_list resumed>) = 0 [pid 5985] chdir("./49") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5985] write(1, "executing program\n", 18) = 18 [pid 5985] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5985] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5986 attached => {parent_tid=[5986]}, 88) = 5986 [pid 5986] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] <... rseq resumed>) = 0 [pid 5985] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] set_robust_list(0x7f30bb7649a0, 24 [pid 5985] <... futex resumed>) = 0 [pid 5986] <... set_robust_list resumed>) = 0 [pid 5985] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] memfd_create("syzkaller", 0) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5986] munmap(0x7f30b3200000, 138412032) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5986] close(3) = 0 [pid 5986] close(4) = 0 [pid 5986] mkdir("./file1", 0777) = 0 [ 131.932730][ T5986] loop0: detected capacity change from 0 to 32768 [pid 5986] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5986] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./file1") = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5986] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5986] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5986] mkdirat(AT_FDCWD, "./bus", 000 [pid 5985] <... futex resumed>) = 0 [ 132.038687][ T5986] syz-executor188: attempt to access beyond end of device [ 132.038687][ T5986] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 132.053433][ T5986] metapage_write_end_io: I/O error [ 132.058683][ T5986] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 132.058683][ T5986] [ 132.069873][ T5986] ERROR: (device loop0): remounting filesystem as read-only [ 132.077210][ T5986] ERROR: (device loop0): diWrite: ixpxd invalid [ 132.077210][ T5986] [pid 5985] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5985] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5985] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5987 attached => {parent_tid=[5987]}, 88) = 5987 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], [pid 5987] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5987] <... rseq resumed>) = 0 [pid 5985] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] set_robust_list(0x7f30bb7439a0, 24 [pid 5985] <... futex resumed>) = 0 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5985] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5987] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5987] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5987] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] <... futex resumed>) = 0 [pid 5987] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5986] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5985] exit_group(0) = ? [pid 5987] <... futex resumed>) = ? [pid 5986] <... futex resumed>) = ? [pid 5987] +++ exited with 0 +++ [pid 5986] +++ exited with 0 +++ [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [ 132.085754][ T5986] ERROR: (device loop0): txCommit: [ 132.085754][ T5986] [ 132.095260][ T5986] blkno = 8f7c0, nblocks = 1 [ 132.100225][ T5986] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 132.100225][ T5986] [ 132.110591][ T5986] ERROR: (device loop0): remounting filesystem as read-only [ 132.118889][ T5986] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 132.118889][ T5986] [ 132.128292][ T5986] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 132.248688][ T5824] syz-executor188: attempt to access beyond end of device [ 132.248688][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 132.262909][ T5824] metapage_write_end_io: I/O error umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached , child_tidptr=0x5555562da690) = 5988 [pid 5988] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5988] chdir("./50") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5988] write(1, "executing program\n", 18) = 18 [pid 5988] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5988] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5989 attached => {parent_tid=[5989]}, 88) = 5989 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... rseq resumed>) = 0 [pid 5988] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] set_robust_list(0x7f30bb7649a0, 24 [pid 5988] <... futex resumed>) = 0 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5988] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5989] munmap(0x7f30b3200000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./file1", 0777) = 0 [ 132.956630][ T5989] loop0: detected capacity change from 0 to 32768 [pid 5989] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5989] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./file1") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5988] <... futex resumed>) = 0 [pid 5988] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] mkdirat(AT_FDCWD, "./bus", 000 [pid 5988] <... futex resumed>) = 0 [ 133.035120][ T5989] syz-executor188: attempt to access beyond end of device [ 133.035120][ T5989] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 133.050010][ T5989] metapage_write_end_io: I/O error [ 133.055221][ T5989] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 133.055221][ T5989] [ 133.066430][ T5989] ERROR: (device loop0): remounting filesystem as read-only [ 133.073819][ T5989] ERROR: (device loop0): diWrite: ixpxd invalid [ 133.073819][ T5989] [pid 5988] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5988] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5988] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5989] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} [pid 5989] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5990 attached ) = 0 [pid 5990] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5989] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... clone3 resumed> => {parent_tid=[5990]}, 88) = 5990 [pid 5990] <... rseq resumed>) = 0 [pid 5990] set_robust_list(0x7f30bb7439a0, 24 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] <... set_robust_list resumed>) = 0 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], [pid 5988] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5988] <... futex resumed>) = 0 [pid 5990] mkdir(".", 0777 [pid 5988] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5990] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5990] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5990] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 133.082338][ T5989] ERROR: (device loop0): txCommit: [ 133.082338][ T5989] [ 133.091134][ T5989] blkno = 8f7c0, nblocks = 1 [ 133.095782][ T5989] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 133.095782][ T5989] [ 133.107393][ T5989] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 133.107393][ T5989] [ 133.116722][ T5989] ialloc: diAlloc returned -5! [pid 5990] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5988] <... futex resumed>) = 0 [pid 5988] exit_group(0 [pid 5990] <... futex resumed>) = ? [pid 5988] <... exit_group resumed>) = ? [pid 5990] +++ exited with 0 +++ [pid 5989] <... futex resumed>) = ? [pid 5989] +++ exited with 0 +++ [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 133.276385][ T59] kworker/u8:4: attempt to access beyond end of device [ 133.276385][ T59] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 133.290280][ T59] metapage_write_end_io: I/O error close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5991 attached [pid 5991] set_robust_list(0x5555562da6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x5555562da690) = 5991 [pid 5991] <... set_robust_list resumed>) = 0 [pid 5991] chdir("./51") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5991] write(1, "executing program\n", 18) = 18 [pid 5991] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5991] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5992 attached => {parent_tid=[5992]}, 88) = 5992 [pid 5992] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] set_robust_list(0x7f30bb7649a0, 24 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] <... set_robust_list resumed>) = 0 [pid 5991] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5991] <... futex resumed>) = 0 [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5992] memfd_create("syzkaller", 0) = 3 [pid 5992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5992] munmap(0x7f30b3200000, 138412032) = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5992] close(3) = 0 [pid 5992] close(4) = 0 [pid 5992] mkdir("./file1", 0777) = 0 [pid 5992] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5992] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5992] chdir("./file1") = 0 [pid 5992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5992] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5992] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5991] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 133.696230][ T5992] loop0: detected capacity change from 0 to 32768 [ 133.731483][ T5992] syz-executor188: attempt to access beyond end of device [ 133.731483][ T5992] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [pid 5992] mkdirat(AT_FDCWD, "./bus", 000 [pid 5991] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5991] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5991] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 133.746223][ T5992] metapage_write_end_io: I/O error [ 133.753172][ T5992] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 133.753172][ T5992] [ 133.764337][ T5992] ERROR: (device loop0): remounting filesystem as read-only [ 133.772012][ T5992] ERROR: (device loop0): diWrite: ixpxd invalid [ 133.772012][ T5992] [ 133.780602][ T5992] ERROR: (device loop0): txCommit: [ 133.780602][ T5992] [ 133.788806][ T5992] blkno = 8f7c0, nblocks = 1 [pid 5991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0} => {parent_tid=[5993]}, 88) = 5993 ./strace-static-x86_64: Process 5993 attached [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5993] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5993] <... rseq resumed>) = 0 [pid 5993] set_robust_list(0x7f30bb7439a0, 24 [pid 5991] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... set_robust_list resumed>) = 0 [pid 5991] <... futex resumed>) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], [pid 5991] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5993] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5993] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5993] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] <... futex resumed>) = 0 [pid 5993] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5992] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5991] exit_group(0 [pid 5993] <... futex resumed>) = ? [pid 5993] +++ exited with 0 +++ [pid 5991] <... exit_group resumed>) = ? [pid 5992] <... futex resumed>) = ? [pid 5992] +++ exited with 0 +++ [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 133.793785][ T5992] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 133.793785][ T5992] [ 133.804496][ T5992] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 133.804496][ T5992] [ 133.813700][ T5992] ERROR: (device loop0): remounting filesystem as read-only [ 133.821096][ T5992] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.924212][ T5824] syz-executor188: attempt to access beyond end of device [ 133.924212][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 133.938770][ T5824] metapage_write_end_io: I/O error umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5994 attached , child_tidptr=0x5555562da690) = 5994 [pid 5994] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5994] chdir("./52") = 0 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5994] setpgid(0, 0) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5994] write(3, "1000", 4) = 4 [pid 5994] close(3) = 0 [pid 5994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5994] write(1, "executing program\n", 18executing program ) = 18 [pid 5994] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5994] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5995 attached => {parent_tid=[5995]}, 88) = 5995 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] <... rseq resumed>) = 0 [pid 5994] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] set_robust_list(0x7f30bb7649a0, 24 [pid 5994] <... futex resumed>) = 0 [pid 5995] <... set_robust_list resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5994] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5995] memfd_create("syzkaller", 0) = 3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5995] munmap(0x7f30b3200000, 138412032) = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5995] close(3) = 0 [pid 5995] close(4) = 0 [pid 5995] mkdir("./file1", 0777) = 0 [pid 5995] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 134.615719][ T5995] loop0: detected capacity change from 0 to 32768 [pid 5995] chdir("./file1") = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5995] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... futex resumed>) = 0 [pid 5995] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5994] <... futex resumed>) = 1 [pid 5995] mkdirat(AT_FDCWD, "./bus", 000 [ 134.703327][ T5995] metapage_write_end_io: I/O error [ 134.708546][ T5995] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 134.708546][ T5995] [ 134.719766][ T5995] ERROR: (device loop0): remounting filesystem as read-only [ 134.727183][ T5995] ERROR: (device loop0): diWrite: ixpxd invalid [ 134.727183][ T5995] [ 134.735754][ T5995] ERROR: (device loop0): txCommit: [ 134.735754][ T5995] [ 134.744039][ T5995] blkno = 8f7c0, nblocks = 1 [pid 5994] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5994] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 5994] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5995] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5996 attached [pid 5996] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 5994] <... clone3 resumed> => {parent_tid=[5996]}, 88) = 5996 [pid 5996] set_robust_list(0x7f30bb7439a0, 24 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] <... set_robust_list resumed>) = 0 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5994] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] mkdir(".", 0777 [pid 5994] <... futex resumed>) = 0 [pid 5996] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5994] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5996] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 5995] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] <... futex resumed>) = 0 [pid 5996] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5994] exit_group(0 [pid 5996] <... futex resumed>) = ? [pid 5995] <... futex resumed>) = ? [pid 5994] <... exit_group resumed>) = ? [pid 5996] +++ exited with 0 +++ [pid 5995] +++ exited with 0 +++ [pid 5994] +++ exited with 0 +++ [ 134.748654][ T5995] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 134.748654][ T5995] [ 134.760648][ T5995] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 134.760648][ T5995] [ 134.770079][ T5995] ialloc: diAlloc returned -5! --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.903425][ T3476] metapage_write_end_io: I/O error umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached , child_tidptr=0x5555562da690) = 5997 [pid 5997] set_robust_list(0x5555562da6a0, 24) = 0 [pid 5997] chdir("./53") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5997] write(1, "executing program\n", 18executing program ) = 18 [pid 5997] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 5997] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 5997] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 5998 attached [pid 5998] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 5997] <... clone3 resumed> => {parent_tid=[5998]}, 88) = 5998 [pid 5998] <... rseq resumed>) = 0 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], [pid 5998] set_robust_list(0x7f30bb7649a0, 24 [pid 5997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5998] <... set_robust_list resumed>) = 0 [pid 5997] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5998] memfd_create("syzkaller", 0) = 3 [pid 5998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 5998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5998] munmap(0x7f30b3200000, 138412032) = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5998] close(3) = 0 [pid 5998] close(4) = 0 [pid 5998] mkdir("./file1", 0777) = 0 [pid 5998] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 5998] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5998] chdir("./file1") = 0 [pid 5998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5998] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] <... futex resumed>) = 0 [pid 5997] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5997] <... futex resumed>) = 1 [pid 5998] mkdirat(AT_FDCWD, "./bus", 000 [ 135.562232][ T5998] loop0: detected capacity change from 0 to 32768 [pid 5997] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5997] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [ 135.603294][ T5998] bio_check_eod: 2 callbacks suppressed [ 135.603307][ T5998] syz-executor188: attempt to access beyond end of device [ 135.603307][ T5998] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 135.624546][ T5998] metapage_write_end_io: I/O error [ 135.629781][ T5998] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 135.629781][ T5998] [ 135.642553][ T5998] ERROR: (device loop0): remounting filesystem as read-only [pid 5997] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5997] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5997] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 5999 attached [pid 5999] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 5997] <... clone3 resumed> => {parent_tid=[5999]}, 88) = 5999 [pid 5999] <... rseq resumed>) = 0 [pid 5997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5999] set_robust_list(0x7f30bb7439a0, 24 [pid 5997] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... set_robust_list resumed>) = 0 [pid 5997] <... futex resumed>) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 5997] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5999] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 135.650251][ T5998] ERROR: (device loop0): diWrite: ixpxd invalid [ 135.650251][ T5998] [ 135.659174][ T5998] ERROR: (device loop0): txCommit: [ 135.659174][ T5998] [ 135.668839][ T5998] blkno = 8f7c0, nblocks = 1 [ 135.673567][ T5998] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 135.673567][ T5998] [ 135.684377][ T5998] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 135.684377][ T5998] [ 135.694378][ T5998] ERROR: (device loop0): remounting filesystem as read-only [pid 5999] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5998] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 5997] <... futex resumed>) = 0 [pid 5998] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5998] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5997] exit_group(0 [pid 5999] <... futex resumed>) = ? [pid 5998] <... futex resumed>) = ? [pid 5999] +++ exited with 0 +++ [pid 5998] +++ exited with 0 +++ [pid 5997] <... exit_group resumed>) = ? [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 135.702334][ T5998] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 135.801046][ T5824] syz-executor188: attempt to access beyond end of device [ 135.801046][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 135.815229][ T5824] metapage_write_end_io: I/O error umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6000 attached , child_tidptr=0x5555562da690) = 6000 [pid 6000] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6000] chdir("./54") = 0 [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6000] setpgid(0, 0) = 0 [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6000] write(3, "1000", 4) = 4 [pid 6000] close(3) = 0 [pid 6000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6000] write(1, "executing program\n", 18executing program ) = 18 [pid 6000] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6000] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6000] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6001 attached [pid 6001] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6000] <... clone3 resumed> => {parent_tid=[6001]}, 88) = 6001 [pid 6001] set_robust_list(0x7f30bb7649a0, 24 [pid 6000] rt_sigprocmask(SIG_SETMASK, [], [pid 6001] <... set_robust_list resumed>) = 0 [pid 6000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6000] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] memfd_create("syzkaller", 0 [pid 6000] <... futex resumed>) = 0 [pid 6001] <... memfd_create resumed>) = 3 [pid 6000] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6001] munmap(0x7f30b3200000, 138412032) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6001] close(3) = 0 [pid 6001] close(4) = 0 [pid 6001] mkdir("./file1", 0777) = 0 [pid 6001] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6001] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 136.481108][ T6001] loop0: detected capacity change from 0 to 32768 [pid 6001] chdir("./file1") = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6001] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] <... futex resumed>) = 0 [pid 6001] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6000] <... futex resumed>) = 0 [pid 6001] mkdirat(AT_FDCWD, "./bus", 000 [ 136.566018][ T6001] syz-executor188: attempt to access beyond end of device [ 136.566018][ T6001] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 136.581587][ T6001] metapage_write_end_io: I/O error [ 136.586747][ T6001] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 136.586747][ T6001] [ 136.597524][ T6001] ERROR: (device loop0): remounting filesystem as read-only [ 136.604928][ T6001] ERROR: (device loop0): diWrite: ixpxd invalid [ 136.604928][ T6001] [pid 6000] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6000] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6000] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6000] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6002 attached [pid 6002] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6000] <... clone3 resumed> => {parent_tid=[6002]}, 88) = 6002 [pid 6002] <... rseq resumed>) = 0 [pid 6000] rt_sigprocmask(SIG_SETMASK, [], [pid 6002] set_robust_list(0x7f30bb7439a0, 24 [pid 6000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6002] <... set_robust_list resumed>) = 0 [pid 6000] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], [pid 6000] <... futex resumed>) = 0 [pid 6002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6000] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6002] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6002] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6002] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] <... futex resumed>) = 0 [pid 6002] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6001] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6001] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6001] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] exit_group(0 [pid 6002] <... futex resumed>) = ? [pid 6001] <... futex resumed>) = ? [pid 6000] <... exit_group resumed>) = ? [pid 6002] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ [pid 6000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 136.613672][ T6001] ERROR: (device loop0): txCommit: [ 136.613672][ T6001] [ 136.622365][ T6001] blkno = 8f7c0, nblocks = 1 [ 136.629171][ T6001] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 136.629171][ T6001] [ 136.639320][ T6001] ERROR: (device loop0): remounting filesystem as read-only [ 136.647527][ T6001] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 136.647527][ T6001] [ 136.656846][ T6001] ialloc: diAlloc returned -5! umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.735929][ T5824] syz-executor188: attempt to access beyond end of device [ 136.735929][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 136.750151][ T5824] metapage_write_end_io: I/O error openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached , child_tidptr=0x5555562da690) = 6003 [pid 6003] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6003] chdir("./55") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] write(1, "executing program\n", 18executing program ) = 18 [pid 6003] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6003] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6004 attached => {parent_tid=[6004]}, 88) = 6004 [pid 6004] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] set_robust_list(0x7f30bb7649a0, 24 [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6003] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6004] memfd_create("syzkaller", 0) = 3 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6004] munmap(0x7f30b3200000, 138412032) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6004] close(3) = 0 [pid 6004] close(4) = 0 [pid 6004] mkdir("./file1", 0777) = 0 [pid 6004] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6004] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6004] chdir("./file1") = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6004] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6004] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6003] <... futex resumed>) = 0 [pid 6004] mkdirat(AT_FDCWD, "./bus", 000 [ 137.348166][ T6004] loop0: detected capacity change from 0 to 32768 [ 137.391722][ T6004] syz-executor188: attempt to access beyond end of device [ 137.391722][ T6004] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 137.407751][ T6004] metapage_write_end_io: I/O error [ 137.413054][ T6004] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 137.413054][ T6004] [ 137.425019][ T6004] ERROR: (device loop0): remounting filesystem as read-only [ 137.432546][ T6004] ERROR: (device loop0): diWrite: ixpxd invalid [ 137.432546][ T6004] [pid 6003] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6003] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6003] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6003] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6005 attached [pid 6005] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6003] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] <... rseq resumed>) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] set_robust_list(0x7f30bb7439a0, 24 [pid 6003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6003] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... futex resumed>) = 0 [pid 6005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6003] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6005] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6005] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] <... futex resumed>) = 0 [pid 6005] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6004] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6003] exit_group(0 [pid 6005] <... futex resumed>) = ? [pid 6004] <... futex resumed>) = ? [pid 6003] <... exit_group resumed>) = ? [pid 6004] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 137.441069][ T6004] ERROR: (device loop0): txCommit: [ 137.441069][ T6004] [ 137.448473][ T6004] ERROR: (device loop0): remounting filesystem as read-only [ 137.457448][ T6004] blkno = 8f7c0, nblocks = 1 [ 137.462253][ T6004] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 137.462253][ T6004] [ 137.473039][ T6004] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 137.473039][ T6004] [ 137.482266][ T6004] ialloc: diAlloc returned -5! umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 137.531371][ T5824] syz-executor188: attempt to access beyond end of device [ 137.531371][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 137.546563][ T5824] metapage_write_end_io: I/O error close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached , child_tidptr=0x5555562da690) = 6006 [pid 6006] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6006] chdir("./56") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6006] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6006] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6007 attached [pid 6007] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6007] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 6006] <... clone3 resumed> => {parent_tid=[6007]}, 88) = 6007 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6007] <... futex resumed>) = 0 [pid 6006] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6007] munmap(0x7f30b3200000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./file1", 0777) = 0 [pid 6007] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6007] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 137.981391][ T6007] loop0: detected capacity change from 0 to 32768 [pid 6007] chdir("./file1") = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6007] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] mkdirat(AT_FDCWD, "./bus", 000 [pid 6006] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.046435][ T6007] syz-executor188: attempt to access beyond end of device [ 138.046435][ T6007] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 138.060628][ T6007] metapage_write_end_io: I/O error [ 138.065822][ T6007] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 138.065822][ T6007] [ 138.077080][ T6007] ERROR: (device loop0): remounting filesystem as read-only [ 138.084457][ T6007] ERROR: (device loop0): diWrite: ixpxd invalid [ 138.084457][ T6007] [pid 6006] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6006] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6006] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6008 attached [pid 6008] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6008] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 6006] <... clone3 resumed> => {parent_tid=[6008]}, 88) = 6008 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6008] mkdir(".", 0777 [pid 6006] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6008] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 6007] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 0 [pid 6007] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6008] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6008] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6006] exit_group(0) = ? [pid 6007] <... futex resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.094514][ T6007] ERROR: (device loop0): txCommit: [ 138.094514][ T6007] [ 138.102836][ T6007] blkno = 8f7c0, nblocks = 1 [ 138.107454][ T6007] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 138.107454][ T6007] [ 138.118712][ T6007] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 138.118712][ T6007] [ 138.128738][ T6007] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 138.235244][ T3476] kworker/u8:9: attempt to access beyond end of device [ 138.235244][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 138.249221][ T3476] metapage_write_end_io: I/O error openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x5555562da690) = 6009 [pid 6009] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6009] chdir("./57") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6009] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6009] <... clone3 resumed> => {parent_tid=[6010]}, 88) = 6010 [pid 6010] set_robust_list(0x7f30bb7649a0, 24 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6010] <... set_robust_list resumed>) = 0 [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6010] memfd_create("syzkaller", 0 [pid 6009] <... futex resumed>) = 0 [pid 6010] <... memfd_create resumed>) = 3 [pid 6009] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6010] munmap(0x7f30b3200000, 138412032) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6010] close(3) = 0 [pid 6010] close(4) = 0 [pid 6010] mkdir("./file1", 0777) = 0 [pid 6010] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6010] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6010] chdir("./file1") = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 1 [pid 6010] mkdirat(AT_FDCWD, "./bus", 000 [ 138.903172][ T6010] loop0: detected capacity change from 0 to 32768 [ 138.956522][ T6010] syz-executor188: attempt to access beyond end of device [ 138.956522][ T6010] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 138.971598][ T6010] metapage_write_end_io: I/O error [ 138.976765][ T6010] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 138.976765][ T6010] [ 138.987536][ T6010] ERROR: (device loop0): remounting filesystem as read-only [ 138.994909][ T6010] ERROR: (device loop0): diWrite: ixpxd invalid [ 138.994909][ T6010] [pid 6009] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6009] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6010] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6009] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6010] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6010] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6011 attached [pid 6011] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6011] set_robust_list(0x7f30bb7439a0, 24 [pid 6009] <... clone3 resumed> => {parent_tid=[6011]}, 88) = 6011 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6011] mkdir(".", 0777 [pid 6009] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6011] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6011] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6011] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6011] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] exit_group(0 [pid 6011] <... futex resumed>) = ? [pid 6010] <... futex resumed>) = ? [pid 6009] <... exit_group resumed>) = ? [pid 6011] +++ exited with 0 +++ [pid 6010] +++ exited with 0 +++ [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- [ 139.003482][ T6010] ERROR: (device loop0): txCommit: [ 139.003482][ T6010] [ 139.011847][ T6010] blkno = 8f7c0, nblocks = 1 [ 139.016460][ T6010] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 139.016460][ T6010] [ 139.027295][ T6010] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 139.027295][ T6010] [ 139.036833][ T6010] ialloc: diAlloc returned -5! restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 139.169041][ T12] kworker/u8:0: attempt to access beyond end of device [ 139.169041][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 139.182991][ T12] metapage_write_end_io: I/O error umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6012 attached , child_tidptr=0x5555562da690) = 6012 [pid 6012] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6012] chdir("./58") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6012] write(1, "executing program\n", 18) = 18 [pid 6012] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6012] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6013 attached [pid 6013] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6012] <... clone3 resumed> => {parent_tid=[6013]}, 88) = 6013 [pid 6013] set_robust_list(0x7f30bb7649a0, 24 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], [pid 6013] <... set_robust_list resumed>) = 0 [pid 6012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6012] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] memfd_create("syzkaller", 0 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6013] <... memfd_create resumed>) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6013] munmap(0x7f30b3200000, 138412032) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] close(4) = 0 [pid 6013] mkdir("./file1", 0777) = 0 [pid 6013] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6013] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file1") = 0 [ 139.835239][ T6013] loop0: detected capacity change from 0 to 32768 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6013] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6013] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] <... futex resumed>) = 0 [pid 6013] mkdirat(AT_FDCWD, "./bus", 000 [pid 6012] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6012] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6012] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6014 attached => {parent_tid=[6014]}, 88) = 6014 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6012] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6014] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6014] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6014] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6014] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 139.929047][ T6013] metapage_write_end_io: I/O error [ 139.934747][ T6013] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 139.934747][ T6013] [ 139.946392][ T6013] ERROR: (device loop0): remounting filesystem as read-only [ 139.953877][ T6013] ERROR: (device loop0): diWrite: ixpxd invalid [ 139.953877][ T6013] [ 139.962429][ T6013] ERROR: (device loop0): txCommit: [ 139.962429][ T6013] [ 139.973267][ T6013] blkno = 8f7c0, nblocks = 1 [pid 6014] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6014] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6013] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6013] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] exit_group(0 [pid 6014] <... futex resumed>) = ? [pid 6013] <... futex resumed>) = ? [pid 6012] <... exit_group resumed>) = ? [pid 6014] +++ exited with 0 +++ [pid 6013] +++ exited with 0 +++ [pid 6012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 139.977960][ T6013] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 139.977960][ T6013] [ 139.988265][ T6013] ERROR: (device loop0): remounting filesystem as read-only [ 139.996545][ T6013] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 139.996545][ T6013] [ 140.005959][ T6013] ialloc: diAlloc returned -5! openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 140.119387][ T5824] metapage_write_end_io: I/O error umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached , child_tidptr=0x5555562da690) = 6015 [pid 6015] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6015] chdir("./59") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6015] write(1, "executing program\n", 18) = 18 [pid 6015] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6015] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6016 attached [pid 6016] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 6015] <... clone3 resumed> => {parent_tid=[6016]}, 88) = 6016 [pid 6016] <... rseq resumed>) = 0 [pid 6016] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6016] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6015] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] memfd_create("syzkaller", 0 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6016] <... memfd_create resumed>) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6016] munmap(0x7f30b3200000, 138412032) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 6016] mkdir("./file1", 0777) = 0 [pid 6016] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6016] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 140.734734][ T6016] loop0: detected capacity change from 0 to 32768 [pid 6016] chdir("./file1") = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6015] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 140.814355][ T6016] bio_check_eod: 2 callbacks suppressed [ 140.814374][ T6016] syz-executor188: attempt to access beyond end of device [ 140.814374][ T6016] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 140.835021][ T6016] metapage_write_end_io: I/O error [ 140.840276][ T6016] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 140.840276][ T6016] [ 140.851148][ T6016] ERROR: (device loop0): remounting filesystem as read-only [ 140.858580][ T6016] ERROR: (device loop0): diWrite: ixpxd invalid [pid 6016] mkdirat(AT_FDCWD, "./bus", 000 [pid 6015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6015] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6015] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 6016] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6015] <... mprotect resumed>) = 0 [pid 6016] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6016] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6017 attached [pid 6017] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6015] <... clone3 resumed> => {parent_tid=[6017]}, 88) = 6017 [pid 6017] set_robust_list(0x7f30bb7439a0, 24 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6017] <... set_robust_list resumed>) = 0 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6015] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] mkdir(".", 0777 [pid 6015] <... futex resumed>) = 0 [pid 6017] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6015] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6017] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 140.858580][ T6016] [ 140.867157][ T6016] ERROR: (device loop0): txCommit: [ 140.867157][ T6016] [ 140.875578][ T6016] blkno = 8f7c0, nblocks = 1 [ 140.880258][ T6016] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 140.880258][ T6016] [ 140.890944][ T6016] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 140.890944][ T6016] [ 140.900450][ T6016] ialloc: diAlloc returned -5! [pid 6017] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... futex resumed>) = 0 [pid 6015] exit_group(0 [pid 6017] <... futex resumed>) = ? [pid 6016] <... futex resumed>) = ? [pid 6015] <... exit_group resumed>) = ? [pid 6017] +++ exited with 0 +++ [pid 6016] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 141.043932][ T3476] kworker/u8:9: attempt to access beyond end of device [ 141.043932][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 141.057819][ T3476] metapage_write_end_io: I/O error openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached , child_tidptr=0x5555562da690) = 6018 [pid 6018] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6018] chdir("./60") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] write(1, "executing program\n", 18executing program ) = 18 [pid 6018] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6018] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6019 attached [pid 6019] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 6018] <... clone3 resumed> => {parent_tid=[6019]}, 88) = 6019 [pid 6019] <... rseq resumed>) = 0 [pid 6019] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] memfd_create("syzkaller", 0 [pid 6018] <... futex resumed>) = 0 [pid 6019] <... memfd_create resumed>) = 3 [pid 6018] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6019] munmap(0x7f30b3200000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./file1", 0777) = 0 [pid 6019] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6019] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file1") = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 141.707913][ T6019] loop0: detected capacity change from 0 to 32768 [pid 6019] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6018] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] mkdirat(AT_FDCWD, "./bus", 000 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 141.772797][ T6019] syz-executor188: attempt to access beyond end of device [ 141.772797][ T6019] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 141.787838][ T6019] metapage_write_end_io: I/O error [ 141.793191][ T6019] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 141.793191][ T6019] [ 141.803995][ T6019] ERROR: (device loop0): remounting filesystem as read-only [ 141.811408][ T6019] ERROR: (device loop0): diWrite: ixpxd invalid [ 141.811408][ T6019] [pid 6018] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6018] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6020 attached => {parent_tid=[6020]}, 88) = 6020 [pid 6020] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6020] <... rseq resumed>) = 0 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] set_robust_list(0x7f30bb7439a0, 24 [pid 6018] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... set_robust_list resumed>) = 0 [pid 6018] <... futex resumed>) = 0 [pid 6020] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6020] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6020] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "" [pid 6019] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6020] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6019] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6019] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [pid 6018] exit_group(0 [pid 6019] <... futex resumed>) = ? [pid 6020] +++ exited with 0 +++ [pid 6019] +++ exited with 0 +++ [pid 6018] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 141.819919][ T6019] ERROR: (device loop0): txCommit: [ 141.819919][ T6019] [ 141.828336][ T6019] blkno = 8f7c0, nblocks = 1 [ 141.833810][ T6019] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 141.833810][ T6019] [ 141.846707][ T6019] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 141.846707][ T6019] [ 141.856162][ T6019] ialloc: diAlloc returned -5! newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 141.951069][ T3476] kworker/u8:9: attempt to access beyond end of device [ 141.951069][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 141.964979][ T3476] metapage_write_end_io: I/O error umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x5555562da690) = 6021 [pid 6021] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6021] chdir("./61") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6021] write(1, "executing program\n", 18executing program ) = 18 [pid 6021] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6021] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6022 attached [pid 6022] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6021] <... clone3 resumed> => {parent_tid=[6022]}, 88) = 6022 [pid 6022] set_robust_list(0x7f30bb7649a0, 24 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], [pid 6022] <... set_robust_list resumed>) = 0 [pid 6021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6021] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] memfd_create("syzkaller", 0 [pid 6021] <... futex resumed>) = 0 [pid 6022] <... memfd_create resumed>) = 3 [pid 6021] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6022] munmap(0x7f30b3200000, 138412032) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6022] close(3) = 0 [pid 6022] close(4) = 0 [pid 6022] mkdir("./file1", 0777) = 0 [pid 6022] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6022] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6022] chdir("./file1") = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6021] <... futex resumed>) = 0 [pid 6022] mkdirat(AT_FDCWD, "./bus", 000 [ 142.600936][ T6022] loop0: detected capacity change from 0 to 32768 [pid 6021] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 142.656971][ T6022] syz-executor188: attempt to access beyond end of device [ 142.656971][ T6022] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 142.672040][ T6022] metapage_write_end_io: I/O error [ 142.677223][ T6022] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 142.677223][ T6022] [ 142.688488][ T6022] ERROR: (device loop0): remounting filesystem as read-only [ 142.696191][ T6022] ERROR: (device loop0): diWrite: ixpxd invalid [ 142.696191][ T6022] [pid 6021] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6021] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6021] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6021] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6022] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6021] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6022] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6023 attached [pid 6023] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6021] <... clone3 resumed> => {parent_tid=[6023]}, 88) = 6023 [pid 6023] set_robust_list(0x7f30bb7439a0, 24 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], [pid 6023] <... set_robust_list resumed>) = 0 [pid 6021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6021] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] mkdir(".", 0777 [pid 6021] <... futex resumed>) = 0 [pid 6023] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6021] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6023] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [ 142.705146][ T6022] ERROR: (device loop0): txCommit: [ 142.705146][ T6022] [ 142.714386][ T6022] blkno = 8f7c0, nblocks = 1 [ 142.719352][ T6022] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 142.719352][ T6022] [ 142.730284][ T6022] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 142.730284][ T6022] [ 142.739475][ T6022] ialloc: diAlloc returned -5! [pid 6023] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = 0 [pid 6023] <... futex resumed>) = 1 [pid 6021] exit_group(0 [pid 6022] <... futex resumed>) = ? [pid 6021] <... exit_group resumed>) = ? [pid 6023] +++ exited with 0 +++ [pid 6022] +++ exited with 0 +++ [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 142.881728][ T12] kworker/u8:0: attempt to access beyond end of device [ 142.881728][ T12] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 142.895721][ T12] metapage_write_end_io: I/O error umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached , child_tidptr=0x5555562da690) = 6024 [pid 6024] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6024] chdir("./62") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6024] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6024] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6025 attached => {parent_tid=[6025]}, 88) = 6025 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] <... rseq resumed>) = 0 [pid 6025] set_robust_list(0x7f30bb7649a0, 24 [pid 6024] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6025] munmap(0x7f30b3200000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./file1", 0777) = 0 [ 143.580105][ T6025] loop0: detected capacity change from 0 to 32768 [pid 6025] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6025] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./file1") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] <... futex resumed>) = 0 [pid 6024] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6024] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 143.690439][ T6025] syz-executor188: attempt to access beyond end of device [ 143.690439][ T6025] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 143.704652][ T6025] metapage_write_end_io: I/O error [ 143.710011][ T6025] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 143.710011][ T6025] [ 143.721041][ T6025] ERROR: (device loop0): remounting filesystem as read-only [ 143.728357][ T6025] ERROR: (device loop0): diWrite: ixpxd invalid [ 143.728357][ T6025] [pid 6025] mkdirat(AT_FDCWD, "./bus", 000 [pid 6024] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6024] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6024] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6024] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6025] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6024] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6026 attached [pid 6026] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6025] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... rseq resumed>) = 0 [pid 6025] <... futex resumed>) = 0 [pid 6024] <... clone3 resumed> => {parent_tid=[6026]}, 88) = 6026 [pid 6026] set_robust_list(0x7f30bb7439a0, 24 [pid 6025] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] rt_sigprocmask(SIG_SETMASK, [], [pid 6026] <... set_robust_list resumed>) = 0 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6024] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] mkdir(".", 0777 [pid 6024] <... futex resumed>) = 0 [pid 6026] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6024] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6026] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6026] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6024] <... futex resumed>) = 0 [pid 6026] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6024] exit_group(0 [pid 6026] <... futex resumed>) = ? [pid 6026] +++ exited with 0 +++ [pid 6025] <... futex resumed>) = ? [pid 6024] <... exit_group resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6024] +++ exited with 0 +++ [ 143.736883][ T6025] ERROR: (device loop0): txCommit: [ 143.736883][ T6025] [ 143.745150][ T6025] blkno = 8f7c0, nblocks = 1 [ 143.749767][ T6025] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 143.749767][ T6025] [ 143.760904][ T6025] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 143.760904][ T6025] [ 143.770164][ T6025] ialloc: diAlloc returned -5! --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.884412][ T3476] kworker/u8:9: attempt to access beyond end of device [ 143.884412][ T3476] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 143.898333][ T3476] metapage_write_end_io: I/O error openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached , child_tidptr=0x5555562da690) = 6027 [pid 6027] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6027] chdir("./63") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18) = 18 [pid 6027] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6027] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6028 attached [pid 6028] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6028] set_robust_list(0x7f30bb7649a0, 24) = 0 [pid 6027] <... clone3 resumed> => {parent_tid=[6028]}, 88) = 6028 [pid 6028] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6028] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6027] <... futex resumed>) = 0 [pid 6027] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6028] memfd_create("syzkaller", 0) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6028] munmap(0x7f30b3200000, 138412032) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6028] close(3) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./file1", 0777) = 0 [pid 6028] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6028] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6028] chdir("./file1") = 0 [ 144.547729][ T6028] loop0: detected capacity change from 0 to 32768 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6028] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6028] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... futex resumed>) = 0 [pid 6027] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6028] mkdirat(AT_FDCWD, "./bus", 000 [pid 6027] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 144.614603][ T6028] syz-executor188: attempt to access beyond end of device [ 144.614603][ T6028] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 144.629789][ T6028] metapage_write_end_io: I/O error [ 144.635042][ T6028] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 144.635042][ T6028] [ 144.646033][ T6028] ERROR: (device loop0): remounting filesystem as read-only [ 144.653434][ T6028] ERROR: (device loop0): diWrite: ixpxd invalid [ 144.653434][ T6028] [pid 6027] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6027] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6029 attached => {parent_tid=[6029]}, 88) = 6029 [pid 6029] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], [pid 6029] <... rseq resumed>) = 0 [pid 6029] set_robust_list(0x7f30bb7439a0, 24 [pid 6027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] <... set_robust_list resumed>) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], [pid 6027] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6029] mkdir(".", 0777 [pid 6027] <... futex resumed>) = 0 [pid 6029] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 6027] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6029] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] <... futex resumed>) = 0 [pid 6028] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6028] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6028] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6027] exit_group(0 [pid 6028] <... futex resumed>) = ? [pid 6027] <... exit_group resumed>) = ? [pid 6029] <... futex resumed>) = ? [pid 6029] +++ exited with 0 +++ [pid 6028] +++ exited with 0 +++ [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 144.661938][ T6028] ERROR: (device loop0): txCommit: [ 144.661938][ T6028] [ 144.671168][ T6028] blkno = 8f7c0, nblocks = 1 [ 144.675787][ T6028] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 144.675787][ T6028] [ 144.686173][ T6028] ERROR: (device loop0): remounting filesystem as read-only [ 144.694300][ T6028] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 144.694300][ T6028] [ 144.703560][ T6028] ialloc: diAlloc returned -5! umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 144.816874][ T5824] syz-executor188: attempt to access beyond end of device [ 144.816874][ T5824] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 144.831099][ T5824] metapage_write_end_io: I/O error umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached , child_tidptr=0x5555562da690) = 6030 [pid 6030] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6030] chdir("./64") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6030] write(1, "executing program\n", 18) = 18 [pid 6030] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6030] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6031 attached [pid 6031] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053) = 0 [pid 6030] <... clone3 resumed> => {parent_tid=[6031]}, 88) = 6031 [pid 6031] set_robust_list(0x7f30bb7649a0, 24 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] <... set_robust_list resumed>) = 0 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], [pid 6030] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6031] memfd_create("syzkaller", 0) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6031] munmap(0x7f30b3200000, 138412032) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6031] close(3) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./file1", 0777) = 0 [pid 6031] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6031] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6031] chdir("./file1") = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6031] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [ 145.348634][ T6031] loop0: detected capacity change from 0 to 32768 [pid 6031] mkdirat(AT_FDCWD, "./bus", 000 [ 145.408890][ T6031] metapage_write_end_io: I/O error [ 145.414793][ T6031] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 145.414793][ T6031] [ 145.427842][ T6031] ERROR: (device loop0): remounting filesystem as read-only [ 145.435383][ T6031] ERROR: (device loop0): diWrite: ixpxd invalid [ 145.435383][ T6031] [ 145.443861][ T6031] ERROR: (device loop0): txCommit: [ 145.443861][ T6031] [ 145.452400][ T6031] blkno = 8f7c0, nblocks = 1 [pid 6030] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6030] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6030] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE [pid 6031] <... mkdirat resumed>) = -1 EIO (Input/output error) [pid 6030] <... mprotect resumed>) = 0 [pid 6031] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f30bb83d6a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6032 attached [pid 6032] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053) = 0 [pid 6030] <... clone3 resumed> => {parent_tid=[6032]}, 88) = 6032 [pid 6032] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6032] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6032] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6030] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6032] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6032] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6032] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] exit_group(0 [pid 6032] <... futex resumed>) = ? [pid 6032] +++ exited with 0 +++ [pid 6031] <... futex resumed>) = ? [pid 6030] <... exit_group resumed>) = ? [pid 6031] +++ exited with 0 +++ [ 145.457014][ T6031] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map [ 145.457014][ T6031] [ 145.467670][ T6031] ERROR: (device loop0): dbAllocNext: Corrupt dmap page [ 145.467670][ T6031] [ 145.476906][ T6031] ialloc: diAlloc returned -5! [pid 6030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555562db730 /* 4 entries */, 32768) = 112 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 145.597061][ T12] metapage_write_end_io: I/O error umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555562e3770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555562e3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555562db730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached , child_tidptr=0x5555562da690) = 6033 [pid 6033] set_robust_list(0x5555562da6a0, 24) = 0 [pid 6033] chdir("./65") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6033] write(1, "executing program\n", 18executing program ) = 18 [pid 6033] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] rt_sigaction(SIGRT_1, {sa_handler=0x7f30bb7d5ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f30bb7c71a0}, NULL, 8) = 0 [pid 6033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb744000 [pid 6033] mprotect(0x7f30bb745000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb764990, parent_tid=0x7f30bb764990, exit_signal=0, stack=0x7f30bb744000, stack_size=0x20300, tls=0x7f30bb7646c0}./strace-static-x86_64: Process 6034 attached [pid 6034] rseq(0x7f30bb764fe0, 0x20, 0, 0x53053053 [pid 6033] <... clone3 resumed> => {parent_tid=[6034]}, 88) = 6034 [pid 6034] <... rseq resumed>) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], [pid 6034] set_robust_list(0x7f30bb7649a0, 24 [pid 6033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6034] <... set_robust_list resumed>) = 0 [pid 6033] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], [pid 6033] <... futex resumed>) = 0 [pid 6034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6033] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f30b3200000 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6034] munmap(0x7f30b3200000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6034] close(3) = 0 [pid 6034] close(4) = 0 [pid 6034] mkdir("./file1", 0777) = 0 [pid 6034] mount("/dev/loop0", "./file1", "jfs", MS_NODEV|MS_DIRSYNC, "") = 0 [pid 6034] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6034] chdir("./file1") = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6034] futex(0x7f30bb83d6ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6034] mkdirat(AT_FDCWD, "./bus", 000 [pid 6033] futex(0x7f30bb83d6a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.229174][ T6034] loop0: detected capacity change from 0 to 32768 [ 146.284818][ T6034] bio_check_eod: 2 callbacks suppressed [ 146.284837][ T6034] syz-executor188: attempt to access beyond end of device [ 146.284837][ T6034] loop0: rw=1, sector=4701696, nr_sectors = 8 limit=32768 [ 146.306595][ T6034] metapage_write_end_io: I/O error [ 146.313118][ T6034] ERROR: (device loop0): release_metapage: metapage_write_one() failed [ 146.313118][ T6034] [ 146.324435][ T6034] ERROR: (device loop0): remounting filesystem as read-only [pid 6033] futex(0x7f30bb83d6ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6033] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f30bb723000 [pid 6033] mprotect(0x7f30bb724000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f30bb743990, parent_tid=0x7f30bb743990, exit_signal=0, stack=0x7f30bb723000, stack_size=0x20300, tls=0x7f30bb7436c0}./strace-static-x86_64: Process 6035 attached => {parent_tid=[6035]}, 88) = 6035 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6033] futex(0x7f30bb83d6b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] rseq(0x7f30bb743fe0, 0x20, 0, 0x53053053 [pid 6033] futex(0x7f30bb83d6bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6035] <... rseq resumed>) = 0 [pid 6035] set_robust_list(0x7f30bb7439a0, 24) = 0 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6035] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 6035] mount(NULL, ".", 0x200000000f40, MS_NOEXEC|MS_SYNCHRONOUS|MS_REMOUNT|MS_NOATIME|MS_SILENT|MS_POSIXACL|MS_PRIVATE|MS_RELATIME|MS_STRICTATIME, "") = -1 EINVAL (Invalid argument) [pid 6035] futex(0x7f30bb83d6bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f30bb83d6b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] <... futex resumed>) = 0 [ 146.333739][ T6034] ERROR: (device loop0): diWrite: ixpxd invalid [ 146.333739][ T6034] [ 146.349410][ T6034] ERROR: (device loop0): txCommit: [ 146.349410][ T6034] [ 146.359727][ T6034] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 146.371654][ T6034] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 146.380073][ T6034] CPU: 0 UID: 0 PID: 6034 Comm: syz-executor188 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 146.392491][ T6034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.402542][ T6034] RIP: 0010:metapage_write_folio+0xa8/0xca0 [ 146.408438][ T6034] Code: e8 8d 7f 82 fe 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 82 d7 e3 fe 4d 8b 36 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 69 d7 e3 fe 49 8b 1e 4d 8d 74 24 [ 146.428040][ T6034] RSP: 0018:ffffc900046cf240 EFLAGS: 00010246 [ 146.434109][ T6034] RAX: 0000000000000000 RBX: 1ffffd400014df56 RCX: ffff88801e7b5a00 [ 146.442078][ T6034] RDX: 0000000000000000 RSI: ffffc900046cf3a0 RDI: ffffea0000a6fa80 [ 146.450043][ T6034] RBP: ffffc900046cf350 R08: ffffea0000a6fab7 R09: 1ffffd400014df56 [ 146.458012][ T6034] R10: dffffc0000000000 R11: fffff9400014df57 R12: ffffea0000a6fa80 [ 146.465994][ T6034] R13: 0000000000000083 R14: 0000000000000000 R15: dffffc0000000000 [ 146.473982][ T6034] FS: 00007f30bb7646c0(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 146.482916][ T6034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.489496][ T6034] CR2: 00007f30bb743d58 CR3: 0000000022bd6000 CR4: 00000000003526f0 [ 146.497473][ T6034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.505459][ T6034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.513429][ T6034] Call Trace: [ 146.516704][ T6034] [ 146.519631][ T6034] ? folio_clear_dirty_for_io+0x1cc/0x8c0 [ 146.525355][ T6034] ? __pfx_metapage_write_folio+0x10/0x10 [ 146.531070][ T6034] ? __lock_acquire+0xab9/0xd20 [ 146.535931][ T6034] ? folio_wait_writeback+0xd1/0x100 [ 146.541227][ T6034] metapage_write_one+0x244/0x440 [ 146.546257][ T6034] ? __pfx_metapage_write_one+0x10/0x10 [ 146.551834][ T6034] ? folio_mapping+0x16f/0x240 [ 146.556598][ T6034] force_metapage+0x1a7/0x360 [ 146.561269][ T6034] txCommit+0x4c05/0x5430 [ 146.565605][ T6034] ? __pfx_txCommit+0x10/0x10 [ 146.570281][ T6034] ? do_raw_spin_unlock+0x122/0x240 [ 146.575477][ T6034] duplicateIXtree+0x292/0x490 [ 146.580242][ T6034] ? __pfx_duplicateIXtree+0x10/0x10 [ 146.585535][ T6034] ? __wake_up_common_lock+0x190/0x1f0 [ 146.591001][ T6034] diAllocAG+0x17a7/0x1df0 [ 146.595416][ T6034] ? __pfx_diAllocAG+0x10/0x10 [ 146.600174][ T6034] ? dbNextAG+0x52e/0x640 [ 146.604501][ T6034] ? do_raw_spin_lock+0x121/0x290 [ 146.609536][ T6034] diAlloc+0x1d5/0x1680 [ 146.613706][ T6034] ? do_raw_spin_unlock+0x122/0x240 [ 146.618913][ T6034] ? new_inode+0x150/0x170 [ 146.623368][ T6034] ialloc+0x8c/0x8f0 [ 146.627275][ T6034] jfs_mkdir+0x193/0xa70 [ 146.631531][ T6034] ? __pfx_smack_log+0x10/0x10 [ 146.636315][ T6034] ? smk_access+0x14c/0x4e0 [ 146.640817][ T6034] ? __pfx_jfs_mkdir+0x10/0x10 [ 146.645582][ T6034] ? generic_permission+0x2e5/0x690 [ 146.650793][ T6034] ? bpf_lsm_inode_mkdir+0x9/0x20 [ 146.655835][ T6034] vfs_mkdir+0x306/0x510 [ 146.660084][ T6034] do_mkdirat+0x247/0x590 [ 146.664414][ T6034] ? __pfx_do_mkdirat+0x10/0x10 [ 146.669262][ T6034] ? getname_flags+0x1e5/0x540 [ 146.674028][ T6034] __x64_sys_mkdirat+0x87/0xa0 [ 146.678799][ T6034] do_syscall_64+0xfa/0x3b0 [ 146.683316][ T6034] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.688512][ T6034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.694571][ T6034] ? clear_bhb_loop+0x60/0xb0 [ 146.699252][ T6034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.705138][ T6034] RIP: 0033:0x7f30bb7afbd9 [ 146.709545][ T6034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 146.729146][ T6034] RSP: 002b:00007f30bb764218 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 146.737555][ T6034] RAX: ffffffffffffffda RBX: 00007f30bb83d6a8 RCX: 00007f30bb7afbd9 [ 146.745525][ T6034] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 00000000ffffff9c [ 146.753488][ T6034] RBP: 00007f30bb83d6a0 R08: 0000000000000000 R09: 0000000000000000 [ 146.761452][ T6034] R10: 0000000000000073 R11: 0000000000000246 R12: 0000200000000000 [ 146.769420][ T6034] R13: 00002000000000c0 R14: 0000200000000f40 R15: 0000200000000840 [ 146.777390][ T6034] [ 146.780405][ T6034] Modules linked in: [ 146.784449][ T6034] ---[ end trace 0000000000000000 ]--- [ 146.790011][ T6034] RIP: 0010:metapage_write_folio+0xa8/0xca0 [ 146.796013][ T6034] Code: e8 8d 7f 82 fe 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 82 d7 e3 fe 4d 8b 36 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 69 d7 e3 fe 49 8b 1e 4d 8d 74 24 [ 146.815762][ T6034] RSP: 0018:ffffc900046cf240 EFLAGS: 00010246 [ 146.822098][ T6034] RAX: 0000000000000000 RBX: 1ffffd400014df56 RCX: ffff88801e7b5a00 [ 146.830230][ T6034] RDX: 0000000000000000 RSI: ffffc900046cf3a0 RDI: ffffea0000a6fa80 [ 146.838277][ T6034] RBP: ffffc900046cf350 R08: ffffea0000a6fab7 R09: 1ffffd400014df56 [ 146.846343][ T6034] R10: dffffc0000000000 R11: fffff9400014df57 R12: ffffea0000a6fa80 [ 146.854384][ T6034] R13: 0000000000000083 R14: 0000000000000000 R15: dffffc0000000000 [ 146.862486][ T6034] FS: 00007f30bb7646c0(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 146.871473][ T6034] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.878058][ T6034] CR2: 00007f30bb743d58 CR3: 0000000022bd6000 CR4: 00000000003526f0 [ 146.886086][ T6034] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.894107][ T6034] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.902134][ T6034] Kernel panic - not syncing: Fatal exception [ 146.908480][ T6034] Kernel Offset: disabled [ 146.912800][ T6034] Rebooting in 86400 seconds..