./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1057598979 <...> Warning: Permanently added '10.128.0.206' (ED25519) to the list of known hosts. execve("./syz-executor1057598979", ["./syz-executor1057598979"], 0x7ffc9e7c9490 /* 10 vars */) = 0 brk(NULL) = 0x5555568c8000 brk(0x5555568c8d40) = 0x5555568c8d40 arch_prctl(ARCH_SET_FS, 0x5555568c83c0) = 0 set_tid_address(0x5555568c8690) = 5021 set_robust_list(0x5555568c86a0, 24) = 0 rseq(0x5555568c8ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1057598979", 4096) = 28 getrandom("\xb4\xee\xbf\xfd\xca\xd2\x3b\xbb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555568c8d40 brk(0x5555568e9d40) = 0x5555568e9d40 brk(0x5555568ea000) = 0x5555568ea000 mprotect(0x7f0e78128000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5022 ./strace-static-x86_64: Process 5022 attached [pid 5022] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] mkdir("./syzkaller.nOu3Y0", 0700./strace-static-x86_64: Process 5023 attached [pid 5021] <... clone resumed>, child_tidptr=0x5555568c8690) = 5023 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5023] set_robust_list(0x5555568c86a0, 24./strace-static-x86_64: Process 5024 attached ) = 0 [pid 5021] <... clone resumed>, child_tidptr=0x5555568c8690) = 5024 [pid 5022] <... mkdir resumed>) = 0 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] chmod("./syzkaller.nOu3Y0", 0777) = 0 [pid 5022] chdir("./syzkaller.nOu3Y0") = 0 [pid 5022] mkdir("./0", 0777 [pid 5021] <... clone resumed>, child_tidptr=0x5555568c8690) = 5025 [pid 5023] mkdir("./syzkaller.CfTDAt", 0700 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] <... mkdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5023] <... mkdir resumed>) = 0 [pid 5022] <... openat resumed>) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x5555568c86a0, 24 [pid 5022] <... clone resumed>, child_tidptr=0x5555568c8690) = 5027 [pid 5025] <... set_robust_list resumed>) = 0 [pid 5025] mkdir("./syzkaller.OO4Ccm", 0700) = 0 [pid 5025] chmod("./syzkaller.OO4Ccm", 0777) = 0 ./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5026] mkdir("./syzkaller.XTKvrq", 0700) = 0 [pid 5025] chdir("./syzkaller.OO4Ccm") = 0 [pid 5025] mkdir("./0", 0777 [pid 5021] <... clone resumed>, child_tidptr=0x5555568c8690) = 5026 [pid 5024] set_robust_list(0x5555568c86a0, 24 [pid 5023] chmod("./syzkaller.CfTDAt", 0777 [pid 5021] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5024] <... set_robust_list resumed>) = 0 [pid 5023] <... chmod resumed>) = 0 [pid 5023] chdir("./syzkaller.CfTDAt" [pid 5021] <... clone resumed>, child_tidptr=0x5555568c8690) = 5028 [pid 5023] <... chdir resumed>) = 0 [pid 5023] mkdir("./0", 0777) = 0 [pid 5024] mkdir("./syzkaller.wIlmwg", 0700 [pid 5023] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5026] chmod("./syzkaller.XTKvrq", 0777 [pid 5023] <... openat resumed>) = 3 [pid 5024] <... mkdir resumed>) = 0 [pid 5023] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5024] chmod("./syzkaller.wIlmwg", 0777./strace-static-x86_64: Process 5027 attached [pid 5023] close(3) = 0 [pid 5027] set_robust_list(0x5555568c86a0, 24 [pid 5024] <... chmod resumed>) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... chmod resumed>) = 0 [pid 5024] chdir("./syzkaller.wIlmwg" [pid 5027] <... set_robust_list resumed>) = 0 [pid 5023] <... clone resumed>, child_tidptr=0x5555568c8690) = 5029 [pid 5024] <... chdir resumed>) = 0 [pid 5027] chdir("./0" [pid 5024] mkdir("./0", 0777 [pid 5027] <... chdir resumed>) = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5024] <... mkdir resumed>) = 0 [pid 5026] chdir("./syzkaller.XTKvrq" [pid 5024] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5027] <... prctl resumed>) = 0 [pid 5026] <... chdir resumed>) = 0 [pid 5024] <... openat resumed>) = 3 [pid 5027] setpgid(0, 0 [pid 5025] <... mkdir resumed>) = 0 [pid 5024] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5028 attached [pid 5027] <... setpgid resumed>) = 0 [pid 5024] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5024] close(3 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5024] <... close resumed>) = 0 [pid 5028] set_robust_list(0x5555568c86a0, 24 [pid 5027] <... openat resumed>) = 3 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5028] <... set_robust_list resumed>) = 0 [pid 5027] write(3, "1000", 4 [pid 5025] <... openat resumed>) = 3 [pid 5027] <... write resumed>) = 4 [pid 5026] mkdir("./0", 0777 [pid 5024] <... clone resumed>, child_tidptr=0x5555568c8690) = 5031 [pid 5028] mkdir("./syzkaller.mRB8VS", 0700 [pid 5027] close(3 [pid 5026] <... mkdir resumed>) = 0 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5027] <... close resumed>) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5028] <... mkdir resumed>) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs" [pid 5026] <... openat resumed>) = 3 [pid 5025] close(3 [pid 5026] ioctl(3, LOOP_CLR_FD [pid 5025] <... close resumed>) = 0 [pid 5028] chmod("./syzkaller.mRB8VS", 0777 [pid 5027] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 5029 attached [pid 5028] <... chmod resumed>) = 0 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached [pid 5029] set_robust_list(0x5555568c86a0, 24 [pid 5028] chdir("./syzkaller.mRB8VS" [pid 5027] <... futex resumed>) = 0 [pid 5026] close(3 [pid 5028] <... chdir resumed>) = 0 [pid 5027] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5028] mkdir("./0", 0777 [pid 5027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5026] <... close resumed>) = 0 [pid 5031] set_robust_list(0x5555568c86a0, 24 [pid 5029] <... set_robust_list resumed>) = 0 [pid 5028] <... mkdir resumed>) = 0 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] <... clone resumed>, child_tidptr=0x5555568c8690) = 5032 ./strace-static-x86_64: Process 5032 attached [pid 5031] <... set_robust_list resumed>) = 0 [pid 5029] chdir("./0" [pid 5028] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5032] set_robust_list(0x5555568c86a0, 24 [pid 5031] chdir("./0" [pid 5029] <... chdir resumed>) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x5555568c8690) = 5033 [pid 5032] <... set_robust_list resumed>) = 0 [pid 5031] <... chdir resumed>) = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5028] <... openat resumed>) = 3 [pid 5027] <... mmap resumed>) = 0x7f0e78042000 ./strace-static-x86_64: Process 5033 attached [pid 5032] chdir("./0" [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] <... prctl resumed>) = 0 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5027] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5033] set_robust_list(0x5555568c86a0, 24 [pid 5032] <... chdir resumed>) = 0 [pid 5031] <... prctl resumed>) = 0 [pid 5029] setpgid(0, 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5027] <... mprotect resumed>) = 0 [pid 5033] <... set_robust_list resumed>) = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] setpgid(0, 0 [pid 5029] <... setpgid resumed>) = 0 [pid 5028] close(3 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5033] chdir("./0" [pid 5032] <... prctl resumed>) = 0 [pid 5031] <... setpgid resumed>) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5028] <... close resumed>) = 0 [pid 5027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] <... chdir resumed>) = 0 [pid 5032] setpgid(0, 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] <... openat resumed>) = 3 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5032] <... setpgid resumed>) = 0 [pid 5031] <... openat resumed>) = 3 [pid 5029] write(3, "1000", 4 [pid 5033] <... prctl resumed>) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] write(3, "1000", 4 [pid 5029] <... write resumed>) = 4 ./strace-static-x86_64: Process 5035 attached ./strace-static-x86_64: Process 5034 attached [pid 5033] setpgid(0, 0 [pid 5032] <... openat resumed>) = 3 [pid 5031] <... write resumed>) = 4 [pid 5029] close(3 [pid 5028] <... clone resumed>, child_tidptr=0x5555568c8690) = 5034 [pid 5027] <... clone3 resumed> => {parent_tid=[5035]}, 88) = 5035 [pid 5035] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5034] set_robust_list(0x5555568c86a0, 24 [pid 5033] <... setpgid resumed>) = 0 [pid 5032] write(3, "1000", 4 [pid 5031] close(3 [pid 5029] <... close resumed>) = 0 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] <... rseq resumed>) = 0 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5032] <... write resumed>) = 4 [pid 5031] <... close resumed>) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs" [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] set_robust_list(0x7f0e780629a0, 24 [pid 5034] chdir("./0" [pid 5033] <... openat resumed>) = 3 [pid 5032] close(3 [pid 5031] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... symlink resumed>) = 0 [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... set_robust_list resumed>) = 0 [pid 5034] <... chdir resumed>) = 0 [pid 5033] write(3, "1000", 4 [pid 5032] <... close resumed>) = 0 [pid 5031] <... symlink resumed>) = 0 [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] symlink("/dev/binderfs", "./binderfs" [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5032] <... symlink resumed>) = 0 [pid 5031] <... futex resumed>) = 0 [pid 5029] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5027] <... futex resumed>) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5033] <... write resumed>) = 4 [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5029] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... prctl resumed>) = 0 [pid 5033] close(3 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5035] memfd_create("syzkaller", 0 [pid 5034] setpgid(0, 0 [pid 5033] <... close resumed>) = 0 [pid 5032] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] <... setpgid resumed>) = 0 [pid 5032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5029] <... mmap resumed>) = 0x7f0e78042000 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] <... mmap resumed>) = 0x7f0e78042000 [pid 5029] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5031] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5029] <... mprotect resumed>) = 0 [pid 5032] <... mmap resumed>) = 0x7f0e78042000 [pid 5031] <... mprotect resumed>) = 0 [pid 5029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5032] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] symlink("/dev/binderfs", "./binderfs" [pid 5032] <... mprotect resumed>) = 0 [pid 5031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5034] <... openat resumed>) = 3 [pid 5033] <... symlink resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5034] write(3, "1000", 4 [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5029] <... clone3 resumed> => {parent_tid=[5036]}, 88) = 5036 [pid 5034] <... write resumed>) = 4 [pid 5033] <... futex resumed>) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5031] <... clone3 resumed> => {parent_tid=[5037]}, 88) = 5037 [pid 5029] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] <... memfd_create resumed>) = 3 [pid 5034] close(3 [pid 5033] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5034] <... close resumed>) = 0 [pid 5033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5032] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5037 attached ./strace-static-x86_64: Process 5036 attached [pid 5035] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5034] symlink("/dev/binderfs", "./binderfs" [pid 5033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5031] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5038 attached [pid 5037] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5036] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5034] <... symlink resumed>) = 0 [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] <... futex resumed>) = 0 [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5037] <... rseq resumed>) = 0 [pid 5036] <... rseq resumed>) = 0 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5032] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] <... rseq resumed>) = 0 [pid 5037] set_robust_list(0x7f0e780629a0, 24 [pid 5036] set_robust_list(0x7f0e780629a0, 24 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... mmap resumed>) = 0x7f0e78042000 [pid 5032] <... futex resumed>) = 0 [pid 5038] set_robust_list(0x7f0e780629a0, 24 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] <... set_robust_list resumed>) = 0 [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5033] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] <... set_robust_list resumed>) = 0 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], [pid 5036] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5033] <... mprotect resumed>) = 0 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5037] memfd_create("syzkaller", 0 [pid 5036] memfd_create("syzkaller", 0 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5038] memfd_create("syzkaller", 0 [pid 5037] <... memfd_create resumed>) = 3 [pid 5036] <... memfd_create resumed>) = 3 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5038] <... memfd_create resumed>) = 3 [pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5034] <... mmap resumed>) = 0x7f0e78042000 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5036] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5034] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5033] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [ 44.697613][ T5035] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5035 'syz-executor105' [pid 5038] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5034] <... mprotect resumed>) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5039 attached [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5033] <... futex resumed>) = 0 [pid 5039] <... rseq resumed>) = 0 [pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5035] <... write resumed>) = 2097152 [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] set_robust_list(0x7f0e780629a0, 24 [pid 5037] <... write resumed>) = 2097152 [pid 5035] munmap(0x7f0e6fc42000, 2097152 [pid 5034] <... clone3 resumed> => {parent_tid=[5040]}, 88) = 5040 [pid 5039] <... set_robust_list resumed>) = 0 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] memfd_create("syzkaller", 0 [pid 5034] <... futex resumed>) = 0 [pid 5039] <... memfd_create resumed>) = 3 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5037] munmap(0x7f0e6fc42000, 2097152 [pid 5036] <... write resumed>) = 2097152 [pid 5036] munmap(0x7f0e6fc42000, 2097152 [pid 5037] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5040 attached [pid 5035] <... munmap resumed>) = 0 [pid 5037] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5040] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5037] <... openat resumed>) = 4 [pid 5036] <... munmap resumed>) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5037] ioctl(4, LOOP_SET_FD, 3 [pid 5040] <... rseq resumed>) = 0 [pid 5038] <... write resumed>) = 2097152 [pid 5036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5035] <... openat resumed>) = 4 [pid 5040] set_robust_list(0x7f0e780629a0, 24 [pid 5036] <... openat resumed>) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5036] ioctl(4, LOOP_SET_FD, 3 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5038] munmap(0x7f0e6fc42000, 2097152 [pid 5037] <... ioctl resumed>) = 0 [pid 5035] <... ioctl resumed>) = 0 [pid 5040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5039] <... write resumed>) = 2097152 [pid 5036] <... ioctl resumed>) = 0 [pid 5036] close(3) = 0 [pid 5036] mkdir("./file1", 0777 [pid 5040] memfd_create("syzkaller", 0 [pid 5038] <... munmap resumed>) = 0 [pid 5036] <... mkdir resumed>) = 0 [pid 5035] close(3 [pid 5040] <... memfd_create resumed>) = 3 [pid 5038] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5036] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5035] <... close resumed>) = 0 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5038] <... openat resumed>) = 4 [pid 5037] close(3 [pid 5035] mkdir("./file1", 0777 [pid 5040] <... mmap resumed>) = 0x7f0e6fc42000 [ 44.815822][ T5037] loop2: detected capacity change from 0 to 4096 [ 44.824619][ T5035] loop0: detected capacity change from 0 to 4096 [ 44.824878][ T5036] loop1: detected capacity change from 0 to 4096 [ 44.846815][ T5036] ======================================================= [ 44.846815][ T5036] WARNING: The mand mount option has been deprecated and [pid 5038] ioctl(4, LOOP_SET_FD, 3 [pid 5037] <... close resumed>) = 0 [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5039] munmap(0x7f0e6fc42000, 2097152 [pid 5035] <... mkdir resumed>) = 0 [pid 5039] <... munmap resumed>) = 0 [pid 5035] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5039] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3 [pid 5037] mkdir("./file1", 0777 [pid 5039] <... ioctl resumed>) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file1", 0777 [pid 5037] <... mkdir resumed>) = 0 [pid 5038] <... ioctl resumed>) = 0 [ 44.846815][ T5036] and is ignored by this kernel. Remove the mand [ 44.846815][ T5036] option from the mount to silence this warning. [ 44.846815][ T5036] ======================================================= [ 44.857013][ T5038] loop3: detected capacity change from 0 to 4096 [ 44.889212][ T5036] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 44.898790][ T5039] loop4: detected capacity change from 0 to 4096 [ 44.905617][ T5035] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5037] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5039] <... mkdir resumed>) = 0 [pid 5039] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5040] <... write resumed>) = 2097152 [pid 5038] close(3 [pid 5040] munmap(0x7f0e6fc42000, 2097152 [pid 5038] <... close resumed>) = 0 [pid 5040] <... munmap resumed>) = 0 [pid 5038] mkdir("./file1", 0777 [pid 5040] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5038] <... mkdir resumed>) = 0 [pid 5040] <... openat resumed>) = 4 [pid 5038] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 44.919002][ T5036] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 44.921177][ T5039] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 44.939197][ T5037] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 44.939697][ T5039] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 44.958490][ T5040] loop5: detected capacity change from 0 to 4096 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] <... mount resumed>) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file1", 0777) = 0 [pid 5040] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5039] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 44.965385][ T5035] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 44.965416][ T5038] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 44.977709][ T5041] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 44.995758][ T5037] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 45.007201][ T5040] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5039] chdir("./file1") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5036] <... mount resumed>) = 0 [pid 5036] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5036] chdir("./file1") = 0 [pid 5036] ioctl(4, LOOP_CLR_FD) = 0 [pid 5036] close(4) = 0 [pid 5036] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5036] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5029] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... mount resumed>) = 0 [ 45.012094][ T5038] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 45.020739][ T5042] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 45.044444][ T5040] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 45.052158][ T5043] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5040] <... mount resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5038] <... mount resumed>) = 0 [pid 5037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5035] <... mount resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... openat resumed>) = 3 [pid 5033] <... futex resumed>) = 0 [pid 5035] chdir("./file1" [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... chdir resumed>) = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5037] <... openat resumed>) = 3 [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5035] <... futex resumed>) = 1 [pid 5029] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5040] <... openat resumed>) = 3 [pid 5038] <... openat resumed>) = 3 [pid 5037] chdir("./file1" [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... futex resumed>) = 0 [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] chdir("./file1" [pid 5038] chdir("./file1" [pid 5037] <... chdir resumed>) = 0 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] <... futex resumed>) = 0 [pid 5040] <... chdir resumed>) = 0 [pid 5039] <... open resumed>) = 4 [pid 5038] <... chdir resumed>) = 0 [pid 5037] ioctl(4, LOOP_CLR_FD [pid 5036] <... open resumed>) = 4 [pid 5035] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5029] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] ioctl(4, LOOP_CLR_FD [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] ioctl(4, LOOP_CLR_FD [pid 5037] <... ioctl resumed>) = 0 [pid 5036] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5040] <... ioctl resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5038] <... ioctl resumed>) = 0 [pid 5037] close(4 [pid 5036] <... futex resumed>) = 0 [pid 5035] <... open resumed>) = 4 [pid 5033] <... futex resumed>) = 0 [pid 5029] <... mprotect resumed>) = 0 [pid 5040] close(4 [pid 5039] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] close(4 [pid 5037] <... close resumed>) = 0 [pid 5036] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5040] <... close resumed>) = 0 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... close resumed>) = 0 [pid 5037] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5038] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 1 [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 1 [pid 5039] <... open resumed>) = 5 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5047 attached [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5029] <... clone3 resumed> => {parent_tid=[5047]}, 88) = 5047 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 1 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5035] <... open resumed>) = 5 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] <... rseq resumed>) = 0 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5039] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5037] <... open resumed>) = 4 [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] set_robust_list(0x7f0e6fe419a0, 24 [pid 5040] <... open resumed>) = 4 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... open resumed>) = 4 [pid 5037] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5029] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5047] <... set_robust_list resumed>) = 0 [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] ftruncate(5, 33587195 [pid 5038] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 1 [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5029] <... futex resumed>) = 0 [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] <... futex resumed>) = 1 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] <... futex resumed>) = 0 [pid 5029] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [ 45.067894][ T5044] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 45.078659][ T5046] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 45.080457][ T5045] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... ftruncate resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] ftruncate(5, 33587195 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] <... ftruncate resumed>) = 0 [pid 5034] <... futex resumed>) = 0 [pid 5032] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5047] <... open resumed>) = 5 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5039] <... futex resumed>) = 1 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... open resumed>) = 5 [pid 5039] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5037] <... open resumed>) = 5 [pid 5035] <... futex resumed>) = 1 [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... open resumed>) = 5 [pid 5037] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... futex resumed>) = 0 [pid 5029] <... futex resumed>) = 0 [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... futex resumed>) = 1 [pid 5039] sendfile(4, 5, NULL, 281474978811909 [pid 5038] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 1 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] <... futex resumed>) = 0 [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5029] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... futex resumed>) = 0 [pid 5035] sendfile(4, 5, NULL, 281474978811909 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 1 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] ftruncate(5, 33587195 [pid 5034] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] ftruncate(5, 33587195 [pid 5038] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... ftruncate resumed>) = 0 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5040] <... ftruncate resumed>) = 0 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] ftruncate(5, 33587195 [pid 5036] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] ftruncate(5, 33587195 [pid 5037] <... ftruncate resumed>) = 0 [pid 5036] <... futex resumed>) = 1 [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5038] <... ftruncate resumed>) = 0 [pid 5037] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 0 [pid 5029] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5029] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] sendfile(4, 5, NULL, 281474978811909 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] sendfile(4, 5, NULL, 281474978811909 [pid 5038] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] sendfile(4, 5, NULL, 281474978811909 [pid 5033] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] sendfile(4, 5, NULL, 281474978811909 [pid 5033] <... futex resumed>) = 0 [pid 5032] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5027] <... futex resumed>) = 0 [pid 5033] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] <... mprotect resumed>) = 0 [pid 5027] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5027] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5027] <... mprotect resumed>) = 0 [pid 5033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5033] <... clone3 resumed> => {parent_tid=[5050]}, 88) = 5050 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5033] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5050 attached NULL, 8) = 0 [pid 5029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5027] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 ./strace-static-x86_64: Process 5051 attached [pid 5050] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5050] <... rseq resumed>) = 0 [pid 5047] <... futex resumed>) = 0 [pid 5034] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5029] <... futex resumed>) = 1 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] <... rseq resumed>) = 0 [pid 5050] set_robust_list(0x7f0e6fe419a0, 24 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5034] <... futex resumed>) = 0 [pid 5033] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] set_robust_list(0x7f0e6fe419a0, 24 [pid 5050] <... set_robust_list resumed>) = 0 [pid 5047] <... openat resumed>) = 6 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5031] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5051] <... set_robust_list resumed>) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5027] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5034] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5032] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5029] <... futex resumed>) = 0 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5047] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... mprotect resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5031] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5029] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5050] <... openat resumed>) = 6 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5031] <... mprotect resumed>) = 0 [pid 5029] <... futex resumed>) = 0 [pid 5051] <... openat resumed>) = 6 [pid 5050] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] lseek(6, 257, SEEK_SET [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5032] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 1 [pid 5047] <... lseek resumed>) = 257 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5033] <... futex resumed>) = 0 [pid 5032] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5050] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... mprotect resumed>) = 0 [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5027] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5052 attached [pid 5051] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] <... futex resumed>) = 1 [pid 5034] <... clone3 resumed> => {parent_tid=[5052]}, 88) = 5052 [pid 5033] <... futex resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... futex resumed>) = 0 [pid 5027] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5050] lseek(6, 257, SEEK_SET [pid 5047] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5033] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5031] <... clone3 resumed> => {parent_tid=[5053]}, 88) = 5053 [pid 5029] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5053 attached [pid 5052] <... rseq resumed>) = 0 [pid 5051] lseek(6, 257, SEEK_SET [pid 5050] <... lseek resumed>) = 257 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5029] <... futex resumed>) = 0 [pid 5027] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5052] set_robust_list(0x7f0e6fe419a0, 24 [pid 5051] <... lseek resumed>) = 257 [pid 5050] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] getdents64(6, [pid 5034] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5029] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... rseq resumed>) = 0 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5051] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5032] <... clone3 resumed> => {parent_tid=[5054]}, 88) = 5054 [pid 5031] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5054 attached [pid 5051] <... futex resumed>) = 1 [pid 5050] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5031] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5054] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... rseq resumed>) = 0 [pid 5032] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] set_robust_list(0x7f0e6fe419a0, 24 [pid 5032] <... futex resumed>) = 0 [pid 5054] <... set_robust_list resumed>) = 0 [pid 5032] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5054] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5054] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5054] lseek(6, 257, SEEK_SET [pid 5032] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... lseek resumed>) = 257 [pid 5054] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5054] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5054] getdents64(6, [pid 5032] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5051] getdents64(6, [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... openat resumed>) = 6 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5053] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] <... futex resumed>) = 0 [pid 5053] lseek(6, 257, SEEK_SET [pid 5031] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... lseek resumed>) = 257 [pid 5053] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5053] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5031] <... futex resumed>) = 0 [pid 5053] getdents64(6, [pid 5031] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5050] getdents64(6, [pid 5033] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5047] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5047] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5036] <... sendfile resumed>) = 208896 [pid 5033] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5029] <... futex resumed>) = 0 [ 45.354664][ T5047] NILFS error (device loop1): nilfs_readdir: zero-length directory entry [ 45.365354][ T5047] Remounting filesystem read-only [ 45.371869][ T5054] NILFS error (device loop3): nilfs_readdir: zero-length directory entry [ 45.374534][ T5053] NILFS error (device loop2): nilfs_readdir: zero-length directory entry [ 45.389711][ T5050] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [pid 5027] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... sendfile resumed>) = 368640 [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5034] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe00000 [pid 5034] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE [pid 5052] <... openat resumed>) = 6 [pid 5052] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... sendfile resumed>) = 368640 [pid 5034] <... mprotect resumed>) = 0 [pid 5029] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5036] <... futex resumed>) = 0 [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... futex resumed>) = 1 [pid 5052] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5035] <... futex resumed>) = 0 [pid 5034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5029] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5032] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5036] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... futex resumed>) = 0 [pid 5034] <... clone3 resumed> => {parent_tid=[5055]}, 88) = 5055 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5031] <... futex resumed>) = 0 [pid 5036] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] <... mmap resumed>) = 0x7f0e6fe00000 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE [pid 5031] <... mmap resumed>) = 0x7f0e6fe00000 [pid 5034] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... mprotect resumed>) = 0 [pid 5031] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5055 attached [pid 5054] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5051] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5050] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5038] <... sendfile resumed>) = 307200 [pid 5034] <... futex resumed>) = 0 [pid 5032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5031] <... mprotect resumed>) = 0 [pid 5029] exit_group(0 [pid 5055] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053 [pid 5054] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5051] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = ? [pid 5038] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... sendfile resumed>) = 339968 [pid 5036] <... futex resumed>) = ? [pid 5034] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5029] <... exit_group resumed>) = ? [pid 5055] <... rseq resumed>) = 0 [pid 5054] <... futex resumed>) = 0 [pid 5053] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 1 [pid 5050] <... futex resumed>) = 1 [pid 5047] +++ exited with 0 +++ [pid 5040] <... sendfile resumed>) = 368640 [pid 5038] <... futex resumed>) = 0 [pid 5037] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] +++ exited with 0 +++ [pid 5033] <... futex resumed>) = 0 [pid 5032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5055] set_robust_list(0x7f0e6fe209a0, 24 [pid 5053] <... futex resumed>) = 0 [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0}./strace-static-x86_64: Process 5057 attached ./strace-static-x86_64: Process 5056 attached [pid 5055] <... set_robust_list resumed>) = 0 [pid 5053] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... futex resumed>) = 0 [pid 5038] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... clone3 resumed> => {parent_tid=[5056]}, 88) = 5056 [pid 5054] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] +++ exited with 0 +++ [pid 5027] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] rt_sigprocmask(SIG_SETMASK, [], [pid 5031] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] lseek(6, 257, SEEK_SET [pid 5039] <... futex resumed>) = 0 [pid 5035] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 1 [pid 5032] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053 [pid 5027] <... futex resumed>) = 1 [pid 5056] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053 [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5055] <... lseek resumed>) = 257 [pid 5039] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5035] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5033] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] restart_syscall(<... resuming interrupted clone ...> [pid 5057] <... rseq resumed>) = 0 [pid 5055] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5035] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5032] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... futex resumed>) = 0 [pid 5023] <... restart_syscall resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5039] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5031] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... rseq resumed>) = 0 [pid 5057] set_robust_list(0x7f0e6fe209a0, 24 [pid 5055] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... futex resumed>) = 1 [pid 5035] <... futex resumed>) = 1 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 0 [pid 5039] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... futex resumed>) = 1 [pid 5033] exit_group(0 [pid 5056] set_robust_list(0x7f0e6fe209a0, 24 [pid 5027] exit_group(0 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5023] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] <... set_robust_list resumed>) = 0 [pid 5051] <... futex resumed>) = ? [pid 5050] <... futex resumed>) = ? [pid 5040] getdents64(6, [pid 5039] <... futex resumed>) = ? [pid 5035] <... futex resumed>) = ? [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... exit_group resumed>) = ? [ 45.398430][ T5051] NILFS error (device loop0): nilfs_readdir: zero-length directory entry [ 45.415413][ T5054] Remounting filesystem read-only [ 45.423598][ T5051] Remounting filesystem read-only [ 45.429469][ T5050] Remounting filesystem read-only [ 45.436960][ T5053] Remounting filesystem read-only [pid 5027] <... exit_group resumed>) = ? [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ [pid 5023] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5057] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5023] <... openat resumed>) = 3 [pid 5057] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5056] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5023] newfstatat(3, "", [pid 5057] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5056] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5023] getdents64(3, [pid 5057] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5031] exit_group(0 [pid 5023] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5057] <... futex resumed>) = ? [pid 5056] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0 [pid 5031] <... exit_group resumed>) = ? [pid 5023] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5057] +++ exited with 0 +++ [pid 5056] <... futex resumed>) = ? [pid 5054] <... futex resumed>) = ? [pid 5038] <... futex resumed>) = ? [pid 5037] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5056] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ [pid 5053] <... futex resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ [pid 5023] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5023] unlink("./0/binderfs" [pid 5026] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] <... unlink resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5053] +++ exited with 0 +++ [pid 5040] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5031] +++ exited with 0 +++ [pid 5026] newfstatat(3, "", [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5022] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5040] <... futex resumed>) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5040] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5034] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5034] <... futex resumed>) = 0 [pid 5025] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5040] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5040] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5022] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5040] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] exit_group(0 [pid 5025] <... openat resumed>) = 3 [pid 5022] <... openat resumed>) = 3 [pid 5055] <... futex resumed>) = ? [pid 5040] <... futex resumed>) = ? [pid 5034] <... exit_group resumed>) = ? [pid 5025] newfstatat(3, "", [pid 5022] newfstatat(3, "", [pid 5055] +++ exited with 0 +++ [pid 5040] +++ exited with 0 +++ [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(3, [pid 5022] getdents64(3, [pid 5025] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5022] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5025] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5022] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5022] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./0/binderfs" [pid 5022] unlink("./0/binderfs" [pid 5025] <... unlink resumed>) = 0 [pid 5022] <... unlink resumed>) = 0 [pid 5025] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5024] restart_syscall(<... resuming interrupted clone ...> [pid 5052] <... futex resumed>) = ? [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5024] <... restart_syscall resumed>) = 0 [ 45.461994][ T5040] NILFS error (device loop5): nilfs_readdir: zero-length directory entry [ 45.474177][ T5040] Remounting filesystem read-only [ 45.481864][ T5023] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 45.491782][ T5025] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 45.493537][ T5023] NILFS (loop1): discard dirty page: offset=208896, ino=18 [pid 5052] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ [pid 5026] getdents64(3, [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5026] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5028] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 45.502013][ T5025] NILFS (loop3): discard dirty page: offset=307200, ino=18 [ 45.515587][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [ 45.516439][ T5022] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 45.532600][ T5023] NILFS (loop1): discard dirty block: blocknr=0, size=4096 [ 45.535495][ T5022] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 45.542550][ T5025] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 45.547663][ T5022] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [pid 5028] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5026] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5024] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... openat resumed>) = 3 [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5024] <... openat resumed>) = 3 [pid 5028] newfstatat(3, "", [pid 5026] unlink("./0/binderfs" [ 45.561573][ T5025] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 45.562677][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 45.570557][ T5023] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 45.576387][ T5022] NILFS (loop0): discard dirty block: blocknr=27, size=4096 [ 45.583891][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 45.590818][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 45.597588][ T5023] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [pid 5024] newfstatat(3, "", [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5026] <... unlink resumed>) = 0 [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, [pid 5026] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] getdents64(3, [pid 5028] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5024] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5028] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 45.604167][ T5022] NILFS (loop0): discard dirty block: blocknr=28, size=4096 [ 45.611474][ T5025] NILFS (loop3): discard dirty block: blocknr=27, size=4096 [ 45.618979][ T5022] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 45.626769][ T5023] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 45.633358][ T5022] NILFS (loop0): discard dirty block: blocknr=29, size=4096 [ 45.639751][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 45.647068][ T5022] NILFS (loop0): discard dirty page: offset=270336, ino=3 [pid 5024] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5024] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5024] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 45.654165][ T5025] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 45.661256][ T5026] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 45.668151][ T5023] NILFS (loop1): discard dirty block: blocknr=27, size=4096 [ 45.676862][ T5022] NILFS (loop0): discard dirty block: blocknr=0, size=4096 [ 45.691364][ T5025] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 45.693509][ T5026] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 45.698739][ T5023] NILFS (loop1): discard dirty page: offset=0, ino=3 [pid 5028] unlink("./0/binderfs" [pid 5024] unlink("./0/binderfs" [pid 5028] <... unlink resumed>) = 0 [pid 5024] <... unlink resumed>) = 0 [pid 5028] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [ 45.705574][ T5026] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 45.719842][ T5025] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [ 45.727526][ T5023] NILFS (loop1): discard dirty block: blocknr=28, size=4096 [ 45.737563][ T5025] NILFS (loop3): discard dirty page: offset=270336, ino=3 [ 45.744174][ T5026] NILFS (loop4): discard dirty page: offset=0, ino=5 [ 45.744689][ T5023] NILFS (loop1): discard dirty page: offset=4096, ino=3 [pid 5024] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... umount2 resumed>) = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5022] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 45.752021][ T5028] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer [ 45.759313][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [ 45.773753][ T5026] NILFS (loop4): discard dirty block: blocknr=27, size=4096 [ 45.774982][ T5023] NILFS (loop1): discard dirty block: blocknr=29, size=4096 [ 45.781765][ T5024] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 45.798028][ T5028] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 45.798046][ T5028] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [pid 5022] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./0/file1" [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... rmdir resumed>) = 0 [pid 5025] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./0") = 0 [pid 5025] mkdir("./1", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5058 [pid 5022] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5058 attached [pid 5022] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5022] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5022] close(4) = 0 [pid 5022] rmdir("./0/file1") = 0 [pid 5022] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5022] close(3) = 0 [pid 5022] rmdir("./0" [pid 5058] set_robust_list(0x5555568c86a0, 24 [pid 5022] <... rmdir resumed>) = 0 [pid 5022] mkdir("./1", 0777 [pid 5058] <... set_robust_list resumed>) = 0 [pid 5022] <... mkdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5058] chdir("./1" [pid 5022] <... clone resumed>, child_tidptr=0x5555568c8690) = 5059 [pid 5058] <... chdir resumed>) = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x5555568c86a0, 24 [pid 5058] <... openat resumed>) = 3 [pid 5058] write(3, "1000", 4 [pid 5059] <... set_robust_list resumed>) = 0 [pid 5059] chdir("./1" [pid 5058] <... write resumed>) = 4 [pid 5058] close(3) = 0 [pid 5059] <... chdir resumed>) = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5058] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [ 45.816086][ T5023] NILFS (loop1): discard dirty page: offset=270336, ino=3 [ 45.820413][ T5026] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 45.830453][ T5024] NILFS (loop2): discard dirty page: offset=339968, ino=18 [ 45.838549][ T5023] NILFS (loop1): discard dirty block: blocknr=0, size=4096 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5060]}, 88) = 5060 [pid 5059] <... setpgid resumed>) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5060] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5059] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5061]}, 88) = 5061 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.863214][ T5026] NILFS (loop4): discard dirty block: blocknr=28, size=4096 [ 45.868808][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=5 [ 45.872137][ T5024] NILFS (loop2): discard dirty block: blocknr=0, size=4096 [ 45.895215][ T5026] NILFS (loop4): discard dirty page: offset=4096, ino=3 [ 45.908620][ T5028] NILFS (loop5): discard dirty block: blocknr=27, size=4096 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5061 attached [pid 5061] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7f0e780629a0, 24 [pid 5023] <... umount2 resumed>) = 0 [pid 5061] <... set_robust_list resumed>) = 0 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5023] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5061] memfd_create("syzkaller", 0 [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5061] <... memfd_create resumed>) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5023] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5023] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5023] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5023] close(4) = 0 [pid 5023] rmdir("./0/file1") = 0 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5023] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5023] close(3) = 0 [pid 5023] rmdir("./0") = 0 [pid 5023] mkdir("./1", 0777) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5023] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5023] close(3) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5062] chdir("./1") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5062] write(3, "1000", 4) = 4 [ 45.912934][ T5024] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 45.937127][ T5026] NILFS (loop4): discard dirty block: blocknr=29, size=4096 [ 45.946833][ T5026] NILFS (loop4): discard dirty page: offset=270336, ino=3 [ 45.952738][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=3 [pid 5062] close(3) = 0 [pid 5060] <... write resumed>) = 2097152 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5062] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5063]}, 88) = 5063 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5060] munmap(0x7f0e6fc42000, 2097152./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] <... munmap resumed>) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5060] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5060] <... openat resumed>) = 4 [pid 5063] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5060] ioctl(4, LOOP_SET_FD, 3 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5061] <... write resumed>) = 2097152 [ 45.971867][ T5024] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 45.979734][ T5026] NILFS (loop4): discard dirty block: blocknr=0, size=4096 [ 45.988563][ T5028] NILFS (loop5): discard dirty block: blocknr=28, size=4096 [ 45.997312][ T5024] NILFS (loop2): discard dirty page: offset=0, ino=5 [ 46.015273][ T5060] loop3: detected capacity change from 0 to 4096 [pid 5061] munmap(0x7f0e6fc42000, 2097152 [pid 5060] <... ioctl resumed>) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file1", 0777) = 0 [pid 5060] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5061] <... munmap resumed>) = 0 [pid 5026] <... umount2 resumed>) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5026] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5061] <... openat resumed>) = 4 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5061] ioctl(4, LOOP_SET_FD, 3 [pid 5026] newfstatat(AT_FDCWD, "./0/file1", [pid 5063] <... write resumed>) = 2097152 [ 46.022812][ T5028] NILFS (loop5): discard dirty page: offset=4096, ino=3 [ 46.026387][ T5024] NILFS (loop2): discard dirty block: blocknr=27, size=4096 [ 46.034788][ T5060] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.041820][ T5024] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 46.051452][ T5028] NILFS (loop5): discard dirty block: blocknr=29, size=4096 [ 46.053819][ T5024] NILFS (loop2): discard dirty block: blocknr=28, size=4096 [pid 5063] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5061] <... ioctl resumed>) = 0 [pid 5061] close(3 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5061] <... close resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5061] mkdir("./file1", 0777 [pid 5026] <... openat resumed>) = 4 [pid 5063] <... openat resumed>) = 4 [pid 5061] <... mkdir resumed>) = 0 [pid 5026] newfstatat(4, "", [pid 5061] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5063] ioctl(4, LOOP_SET_FD, 3 [pid 5026] getdents64(4, [pid 5063] <... ioctl resumed>) = 0 [pid 5063] close(3) = 0 [ 46.068752][ T5061] loop0: detected capacity change from 0 to 4096 [ 46.076096][ T5024] NILFS (loop2): discard dirty page: offset=4096, ino=3 [ 46.076752][ T5060] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 46.094515][ T5024] NILFS (loop2): discard dirty block: blocknr=29, size=4096 [ 46.094962][ T5028] NILFS (loop5): discard dirty page: offset=270336, ino=3 [ 46.102852][ T5024] NILFS (loop2): discard dirty page: offset=270336, ino=3 [ 46.110308][ T5063] loop1: detected capacity change from 0 to 4096 [pid 5063] mkdir("./file1", 0777) = 0 [pid 5063] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5026] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5026] close(4) = 0 [pid 5026] rmdir("./0/file1") = 0 [pid 5026] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5060] <... mount resumed>) = 0 [pid 5060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file1") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4 [pid 5026] close(3) = 0 [pid 5026] rmdir("./0" [pid 5060] <... close resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [ 46.117189][ T5024] NILFS (loop2): discard dirty block: blocknr=0, size=4096 [ 46.126810][ T5063] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.129906][ T5061] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.140929][ T5028] NILFS (loop5): discard dirty block: blocknr=0, size=4096 [ 46.158618][ T5061] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5026] mkdir("./1", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5065] chdir("./1") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5060] <... open resumed>) = 4 [pid 5065] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5060] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5024] <... umount2 resumed>) = 0 [pid 5065] <... mmap resumed>) = 0x7f0e78042000 [pid 5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5060] <... open resumed>) = 5 [pid 5065] <... mprotect resumed>) = 0 [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5060] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5024] newfstatat(AT_FDCWD, "./0/file1", [pid 5065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5060] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 46.173536][ T5064] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 46.189309][ T5063] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5060] ftruncate(5, 33587195 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5066 attached [pid 5065] <... clone3 resumed> => {parent_tid=[5066]}, 88) = 5066 [pid 5060] <... ftruncate resumed>) = 0 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5066] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5066] <... rseq resumed>) = 0 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5024] <... openat resumed>) = 4 [pid 5066] set_robust_list(0x7f0e780629a0, 24 [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5028] <... umount2 resumed>) = 0 [pid 5060] sendfile(4, 5, NULL, 281474978811909 [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5061] <... mount resumed>) = 0 [pid 5028] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] newfstatat(4, "", [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] <... openat resumed>) = 3 [pid 5028] newfstatat(AT_FDCWD, "./0/file1", [pid 5024] getdents64(4, [pid 5066] memfd_create("syzkaller", 0 [pid 5061] chdir("./file1" [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5024] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5066] <... memfd_create resumed>) = 3 [pid 5061] <... chdir resumed>) = 0 [pid 5028] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] getdents64(4, [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5061] ioctl(4, LOOP_CLR_FD [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5066] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5061] <... ioctl resumed>) = 0 [pid 5028] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5024] close(4 [pid 5063] <... mount resumed>) = 0 [pid 5063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file1") = 0 [pid 5061] close(4 [pid 5024] <... close resumed>) = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] <... close resumed>) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... openat resumed>) = 4 [pid 5024] rmdir("./0/file1" [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5063] <... futex resumed>) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5028] newfstatat(4, "", [pid 5063] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5024] <... rmdir resumed>) = 0 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5028] getdents64(4, [pid 5024] getdents64(3, [pid 5063] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5024] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5058] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5028] getdents64(4, [pid 5024] close(3 [pid 5061] <... open resumed>) = 4 [pid 5058] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5024] <... close resumed>) = 0 [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5028] close(4 [pid 5024] rmdir("./0" [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5028] <... close resumed>) = 0 [pid 5061] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5028] rmdir("./0/file1" [pid 5024] <... rmdir resumed>) = 0 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5058] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... mprotect resumed>) = 0 [pid 5028] <... rmdir resumed>) = 0 [pid 5024] mkdir("./1", 0777 [pid 5061] <... open resumed>) = 5 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5028] getdents64(3, [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5028] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5024] <... mkdir resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5028] close(3 [pid 5024] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5061] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] <... close resumed>) = 0 [ 46.247484][ T5067] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 46.278729][ T5068] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5024] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5069 attached [pid 5066] <... write resumed>) = 2097152 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5058] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5028] rmdir("./0" [pid 5024] ioctl(3, LOOP_CLR_FD [pid 5069] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5066] munmap(0x7f0e6fc42000, 2097152 [pid 5061] ftruncate(5, 33587195 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] rt_sigprocmask(SIG_SETMASK, [], [pid 5028] <... rmdir resumed>) = 0 [pid 5024] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] <... rseq resumed>) = 0 [pid 5058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] mkdir("./1", 0777 [pid 5024] close(3 [pid 5058] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... mkdir resumed>) = 0 [pid 5024] <... close resumed>) = 0 [pid 5063] <... open resumed>) = 4 [pid 5069] set_robust_list(0x7f0e6fe419a0, 24 [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... set_robust_list resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5061] <... ftruncate resumed>) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... munmap resumed>) = 0 [pid 5063] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] ioctl(3, LOOP_CLR_FD [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5028] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5024] <... clone resumed>, child_tidptr=0x5555568c8690) = 5070 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5066] <... openat resumed>) = 4 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] close(3 [pid 5069] <... openat resumed>) = 6 [pid 5066] ioctl(4, LOOP_SET_FD, 3 [pid 5063] <... open resumed>) = 5 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5028] <... close resumed>) = 0 [pid 5069] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] ftruncate(5, 33587195 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... ftruncate resumed>) = 0 [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5061] sendfile(4, 5, NULL, 281474978811909 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 1 [pid 5063] sendfile(4, 5, NULL, 281474978811909 [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... futex resumed>) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached [pid 5069] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] set_robust_list(0x5555568c86a0, 24 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] <... futex resumed>) = 0 [pid 5028] <... clone resumed>, child_tidptr=0x5555568c8690) = 5071 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] lseek(6, 257, SEEK_SET [pid 5058] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] chdir("./1" [pid 5069] <... lseek resumed>) = 257 [pid 5066] <... ioctl resumed>) = 0 [pid 5070] <... chdir resumed>) = 0 [pid 5069] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] close(3 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... futex resumed>) = 1 [pid 5066] <... close resumed>) = 0 [pid 5058] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5071 attached [pid 5070] <... prctl resumed>) = 0 [pid 5069] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] mkdir("./file1", 0777 [pid 5058] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] set_robust_list(0x5555568c86a0, 24 [pid 5070] setpgid(0, 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... mkdir resumed>) = 0 [pid 5058] <... futex resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] <... setpgid resumed>) = 0 [pid 5069] getdents64(6, [pid 5066] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5058] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] chdir("./1" [ 46.343601][ T5066] loop4: detected capacity change from 0 to 4096 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] <... chdir resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] <... openat resumed>) = 3 [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5071] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5071] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0}./strace-static-x86_64: Process 5072 attached [pid 5070] write(3, "1000", 4 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] <... clone3 resumed> => {parent_tid=[5072]}, 88) = 5072 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] <... write resumed>) = 4 [pid 5059] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5072] <... rseq resumed>) = 0 [pid 5070] close(3 [pid 5062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5060] <... sendfile resumed>) = 253952 [pid 5059] <... futex resumed>) = 0 [pid 5062] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5062] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5073]}, 88) = 5073 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5073] set_robust_list(0x7f0e6fe419a0, 24 [pid 5072] set_robust_list(0x7f0e780629a0, 24 [pid 5070] <... close resumed>) = 0 [pid 5069] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... futex resumed>) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5059] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5058] <... futex resumed>) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] <... symlink resumed>) = 0 [pid 5069] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5058] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... mprotect resumed>) = 0 [pid 5058] <... futex resumed>) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5072] memfd_create("syzkaller", 0 [pid 5070] <... futex resumed>) = 0 [pid 5060] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5058] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] <... memfd_create resumed>) = 3 [pid 5070] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5060] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5060] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5072] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5060] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5073] <... openat resumed>) = 6 [pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] <... clone3 resumed> => {parent_tid=[5074]}, 88) = 5074 [pid 5058] exit_group(0 [pid 5073] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] <... futex resumed>) = ? [pid 5060] <... futex resumed>) = ? [pid 5059] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] <... exit_group resumed>) = ? [pid 5073] <... futex resumed>) = 1 [pid 5070] <... mmap resumed>) = 0x7f0e78042000 [pid 5069] +++ exited with 0 +++ [pid 5062] <... futex resumed>) = 0 [pid 5060] +++ exited with 0 +++ [pid 5059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] +++ exited with 0 +++ [pid 5073] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5062] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... mprotect resumed>) = 0 [pid 5062] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5073] lseek(6, 257, SEEK_SET [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5062] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5074 attached [pid 5073] <... lseek resumed>) = 257 [pid 5070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5074] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5073] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5074] <... rseq resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5074] set_robust_list(0x7f0e6fe419a0, 24 [pid 5073] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [ 46.390082][ T5069] NILFS error (device loop3): nilfs_readdir: zero-length directory entry [ 46.399601][ T5066] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.410867][ T5069] Remounting filesystem read-only [ 46.419472][ T5066] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5062] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5062] <... futex resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] getdents64(6, [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5062] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5076 attached [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] <... write resumed>) = 2097152 [pid 5066] <... mount resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5025] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5076] <... rseq resumed>) = 0 [pid 5066] <... openat resumed>) = 3 [pid 5025] <... openat resumed>) = 3 [pid 5076] set_robust_list(0x7f0e780629a0, 24 [pid 5066] chdir("./file1" [pid 5025] newfstatat(3, "", [pid 5076] <... set_robust_list resumed>) = 0 [pid 5066] <... chdir resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] ioctl(4, LOOP_CLR_FD [pid 5025] getdents64(3, [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... ioctl resumed>) = 0 [pid 5025] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5076] memfd_create("syzkaller", 0 [pid 5070] <... futex resumed>) = 0 [pid 5066] close(4 [pid 5025] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... memfd_create resumed>) = 3 [pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5072] munmap(0x7f0e6fc42000, 2097152 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... close resumed>) = 0 [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5074] <... openat resumed>) = 6 [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5076] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5074] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] <... futex resumed>) = 0 [pid 5072] <... munmap resumed>) = 0 [pid 5066] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] unlink("./1/binderfs" [pid 5074] lseek(6, 257, SEEK_SET [pid 5072] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5063] <... sendfile resumed>) = 368640 [pid 5059] <... futex resumed>) = 0 [pid 5025] <... unlink resumed>) = 0 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 46.466848][ T5075] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 46.476227][ T5073] NILFS error (device loop1): nilfs_readdir: zero-length directory entry [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5074] <... lseek resumed>) = 257 [pid 5072] <... openat resumed>) = 4 [pid 5066] <... open resumed>) = 4 [pid 5063] <... futex resumed>) = 0 [pid 5059] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... sendfile resumed>) = 368640 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5074] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5072] ioctl(4, LOOP_SET_FD, 3 [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] <... futex resumed>) = 0 [pid 5073] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 0 [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 0 [pid 5061] getdents64(6, [pid 5059] <... futex resumed>) = 0 [pid 5073] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... ioctl resumed>) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5072] close(3 [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... close resumed>) = 0 [pid 5063] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5065] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5072] mkdir("./file1", 0777 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... open resumed>) = 5 [pid 5072] <... mkdir resumed>) = 0 [pid 5072] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 46.527986][ T5073] Remounting filesystem read-only [ 46.536132][ T5025] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 46.541216][ T5072] loop5: detected capacity change from 0 to 4096 [ 46.546048][ T5025] NILFS (loop3): discard dirty page: offset=253952, ino=18 [ 46.559410][ T5061] NILFS error (device loop0): nilfs_readdir: zero-length directory entry [ 46.559670][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [pid 5063] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] exit_group(0 [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] ftruncate(5, 33587195 [pid 5073] <... futex resumed>) = ? [pid 5065] <... futex resumed>) = 0 [pid 5062] <... exit_group resumed>) = ? [pid 5061] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5073] +++ exited with 0 +++ [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... write resumed>) = 2097152 [pid 5061] <... futex resumed>) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5061] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5059] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5059] <... futex resumed>) = 0 [pid 5061] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] exit_group(0 [pid 5074] <... futex resumed>) = ? [pid 5061] <... futex resumed>) = ? [pid 5059] <... exit_group resumed>) = ? [pid 5076] munmap(0x7f0e6fc42000, 2097152 [pid 5074] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ [pid 5076] <... munmap resumed>) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3 [pid 5066] <... ftruncate resumed>) = 0 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ [pid 5022] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5023] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5023] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5023] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5076] <... ioctl resumed>) = 0 [pid 5023] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5076] close(3 [pid 5023] unlink("./1/binderfs" [pid 5076] <... close resumed>) = 0 [pid 5023] <... unlink resumed>) = 0 [pid 5076] mkdir("./file1", 0777 [pid 5023] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5076] <... mkdir resumed>) = 0 [pid 5076] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 46.580861][ T5072] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.580867][ T5061] Remounting filesystem read-only [ 46.589215][ T5076] loop2: detected capacity change from 0 to 4096 [ 46.594952][ T5025] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 46.609364][ T5023] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 46.609549][ T5025] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5066] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 46.623078][ T5023] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 46.627097][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 46.632812][ T5076] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 46.649947][ T5025] NILFS (loop3): discard dirty block: blocknr=27, size=4096 [ 46.651144][ T5023] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 46.658438][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 46.664975][ T5072] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5066] sendfile(4, 5, NULL, 281474978811909 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5022] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5022] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 46.672057][ T5025] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 46.683949][ T5023] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 46.695761][ T5076] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 46.708261][ T5023] NILFS (loop1): discard dirty block: blocknr=27, size=4096 [ 46.708906][ T5025] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 46.720093][ T5023] NILFS (loop1): discard dirty page: offset=0, ino=3 [pid 5022] unlink("./1/binderfs") = 0 [pid 5022] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [ 46.733789][ T5023] NILFS (loop1): discard dirty block: blocknr=28, size=4096 [ 46.733966][ T5022] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 46.742136][ T5023] NILFS (loop1): discard dirty page: offset=4096, ino=3 [ 46.759654][ T5023] NILFS (loop1): discard dirty block: blocknr=29, size=4096 [ 46.762272][ T5025] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [pid 5065] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] <... mount resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5072] chdir("./file1") = 0 [pid 5072] ioctl(4, LOOP_CLR_FD) = 0 [pid 5072] close(4) = 0 [pid 5072] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... futex resumed>) = 0 [pid 5065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5071] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5071] <... futex resumed>) = 1 [pid 5065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... futex resumed>) = 0 [pid 5072] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5076] <... mount resumed>) = 0 [pid 5065] <... clone3 resumed> => {parent_tid=[5079]}, 88) = 5079 [pid 5076] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5065] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... openat resumed>) = 3 [pid 5065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] chdir("./file1" [pid 5065] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... chdir resumed>) = 0 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5076] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 46.768101][ T5077] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 46.786310][ T5023] NILFS (loop1): discard dirty page: offset=270336, ino=3 [ 46.793135][ T5025] NILFS (loop3): discard dirty page: offset=270336, ino=3 [ 46.799541][ T5022] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 46.806315][ T5078] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5079] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5079] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] lseek(6, 257, SEEK_SET) = 257 [pid 5079] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5079] getdents64(6, [pid 5065] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... sendfile resumed>) = 368640 [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... open resumed>) = 4 [pid 5072] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5072] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5071] <... futex resumed>) = 0 [pid 5072] <... open resumed>) = 5 [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... futex resumed>) = 0 [pid 5071] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] ftruncate(5, 33587195 [pid 5071] <... futex resumed>) = 0 [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 4 [pid 5076] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5076] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 5 [pid 5076] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5076] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... futex resumed>) = 0 [pid 5076] ftruncate(5, 33587195 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... ftruncate resumed>) = 0 [pid 5076] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... ftruncate resumed>) = 0 [pid 5076] <... futex resumed>) = 1 [pid 5072] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5076] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5070] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5076] sendfile(4, 5, NULL, 281474978811909 [pid 5072] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5070] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] sendfile(4, 5, NULL, 281474978811909 [pid 5071] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 46.828924][ T5023] NILFS (loop1): discard dirty block: blocknr=0, size=4096 [ 46.842160][ T5022] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 46.849845][ T5079] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [ 46.858776][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [pid 5065] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5065] <... futex resumed>) = 1 [pid 5025] <... umount2 resumed>) = 0 [pid 5023] <... umount2 resumed>) = 0 [pid 5066] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5065] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5070] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5080]}, 88) = 5080 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5079] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5066] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5080 attached [pid 5066] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 46.904314][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 46.920758][ T5022] NILFS (loop0): discard dirty block: blocknr=27, size=4096 [ 46.928753][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 46.932688][ T5079] Remounting filesystem read-only [ 46.935950][ T5022] NILFS (loop0): discard dirty block: blocknr=28, size=4096 [pid 5080] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5071] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] exit_group(0 [pid 5025] newfstatat(AT_FDCWD, "./1/file1", [pid 5023] newfstatat(AT_FDCWD, "./1/file1", [pid 5080] <... rseq resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5066] <... futex resumed>) = ? [pid 5065] <... exit_group resumed>) = ? [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5080] set_robust_list(0x7f0e6fe419a0, 24 [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] +++ exited with 0 +++ [pid 5025] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] <... set_robust_list resumed>) = 0 [pid 5071] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5065] +++ exited with 0 +++ [pid 5023] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] <... mprotect resumed>) = 0 [pid 5025] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5023] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5070] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5025] <... openat resumed>) = 4 [pid 5080] <... openat resumed>) = 6 [pid 5071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5070] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] newfstatat(4, "", [pid 5023] <... openat resumed>) = 4 [pid 5080] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5070] <... futex resumed>) = 0 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] newfstatat(4, "", [pid 5080] <... futex resumed>) = 0 [pid 5070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5026] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] getdents64(4, [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5081 attached [pid 5080] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... clone3 resumed> => {parent_tid=[5081]}, 88) = 5081 [pid 5070] <... mmap resumed>) = 0x7f0e6fe00000 [pid 5026] <... openat resumed>) = 3 [pid 5025] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5023] getdents64(4, [pid 5022] <... umount2 resumed>) = 0 [pid 5081] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE [pid 5026] newfstatat(3, "", [pid 5025] getdents64(4, [pid 5023] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5022] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... rseq resumed>) = 0 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5025] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5023] getdents64(4, [pid 5081] set_robust_list(0x7f0e6fe419a0, 24 [pid 5071] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... mprotect resumed>) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] close(4 [pid 5023] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... set_robust_list resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5026] getdents64(3, [pid 5025] <... close resumed>) = 0 [pid 5023] close(4 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5026] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5025] rmdir("./1/file1" [pid 5023] <... close resumed>) = 0 [pid 5022] newfstatat(AT_FDCWD, "./1/file1", [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5026] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... rmdir resumed>) = 0 [pid 5023] rmdir("./1/file1" [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] getdents64(3, [pid 5023] <... rmdir resumed>) = 0 [pid 5022] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 6 [pid 5070] <... clone3 resumed> => {parent_tid=[5082]}, 88) = 5082 [pid 5026] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5025] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5023] getdents64(3, [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] close(3 [pid 5023] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5022] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5082 attached [pid 5081] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5026] unlink("./1/binderfs" [pid 5025] <... close resumed>) = 0 [pid 5023] close(3 [pid 5022] <... openat resumed>) = 4 [pid 5082] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053 [pid 5081] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... unlink resumed>) = 0 [pid 5025] rmdir("./1" [pid 5023] <... close resumed>) = 0 [ 46.948979][ T5022] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 46.956128][ T5022] NILFS (loop0): discard dirty block: blocknr=29, size=4096 [ 46.964442][ T5022] NILFS (loop0): discard dirty page: offset=270336, ino=3 [ 46.973533][ T5022] NILFS (loop0): discard dirty block: blocknr=0, size=4096 [pid 5022] newfstatat(4, "", [pid 5082] <... rseq resumed>) = 0 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5026] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... rmdir resumed>) = 0 [pid 5023] rmdir("./1" [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5082] set_robust_list(0x7f0e6fe209a0, 24 [pid 5081] lseek(6, 257, SEEK_SET [pid 5071] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] mkdir("./2", 0777 [pid 5023] <... rmdir resumed>) = 0 [pid 5022] getdents64(4, [pid 5082] <... set_robust_list resumed>) = 0 [pid 5081] <... lseek resumed>) = 257 [pid 5025] <... mkdir resumed>) = 0 [pid 5023] mkdir("./2", 0777 [pid 5022] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5023] <... mkdir resumed>) = 0 [pid 5022] getdents64(4, [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5071] <... futex resumed>) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5023] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5022] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5082] lseek(6, 257, SEEK_SET [pid 5081] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] ioctl(3, LOOP_CLR_FD [pid 5023] <... openat resumed>) = 3 [pid 5022] close(4 [pid 5082] <... lseek resumed>) = 257 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] <... futex resumed>) = 0 [pid 5025] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5023] ioctl(3, LOOP_CLR_FD [pid 5022] <... close resumed>) = 0 [pid 5082] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(6, [pid 5071] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] close(3 [pid 5023] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5022] rmdir("./1/file1" [pid 5082] <... futex resumed>) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5025] <... close resumed>) = 0 [pid 5023] close(3 [pid 5022] <... rmdir resumed>) = 0 [pid 5082] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5023] <... close resumed>) = 0 [pid 5022] getdents64(3, [pid 5080] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5080] getdents64(6, [pid 5070] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5025] <... clone resumed>, child_tidptr=0x5555568c8690) = 5083 [pid 5022] close(3./strace-static-x86_64: Process 5083 attached [pid 5023] <... clone resumed>, child_tidptr=0x5555568c8690) = 5084 [pid 5022] <... close resumed>) = 0 [pid 5022] rmdir("./1") = 0 [pid 5022] mkdir("./2", 0777) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] set_robust_list(0x5555568c86a0, 24 [pid 5022] <... clone resumed>, child_tidptr=0x5555568c8690) = 5085 [ 47.019566][ T5026] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 47.028728][ T5081] NILFS error (device loop5): nilfs_readdir: zero-length directory entry [ 47.030925][ T5026] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 47.046115][ T5026] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 47.048521][ T5080] NILFS error (device loop2): nilfs_readdir: zero-length directory entry [ 47.055252][ T5026] NILFS (loop4): discard dirty page: offset=0, ino=5 ./strace-static-x86_64: Process 5084 attached [pid 5083] <... set_robust_list resumed>) = 0 [pid 5071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] set_robust_list(0x5555568c86a0, 24 [pid 5071] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5084] chdir("./2" [pid 5071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... chdir resumed>) = 0 [pid 5071] <... mmap resumed>) = 0x7f0e6fe00000 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... prctl resumed>) = 0 [pid 5071] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5085 attached [pid 5084] setpgid(0, 0 [pid 5071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5085] set_robust_list(0x5555568c86a0, 24 [pid 5084] <... setpgid resumed>) = 0 [pid 5071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5085] chdir("./2" [pid 5084] <... openat resumed>) = 3 [pid 5085] <... chdir resumed>) = 0 [pid 5084] write(3, "1000", 4 [pid 5071] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] <... write resumed>) = 4 [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] <... prctl resumed>) = 0 [pid 5084] close(3 [pid 5083] chdir("./2" [pid 5071] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5086 attached [pid 5085] setpgid(0, 0 [pid 5084] <... close resumed>) = 0 [pid 5083] <... chdir resumed>) = 0 [pid 5071] <... futex resumed>) = 0 [pid 5086] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053 [pid 5085] <... setpgid resumed>) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs" [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rseq resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... symlink resumed>) = 0 [pid 5083] <... prctl resumed>) = 0 [pid 5081] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5072] <... sendfile resumed>) = 192512 [pid 5086] set_robust_list(0x7f0e6fe209a0, 24 [pid 5085] <... openat resumed>) = 3 [pid 5084] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] setpgid(0, 0 [pid 5081] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] write(3, "1000", 4 [pid 5084] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... write resumed>) = 4 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5083] <... setpgid resumed>) = 0 [pid 5081] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] close(3 [pid 5084] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5086] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5085] <... close resumed>) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5086] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5085] symlink("/dev/binderfs", "./binderfs" [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... symlink resumed>) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5070] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 1 [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... mmap resumed>) = 0x7f0e78042000 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] <... futex resumed>) = 0 [pid 5070] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [ 47.070904][ T5081] Remounting filesystem read-only [ 47.071421][ T5026] NILFS (loop4): discard dirty block: blocknr=27, size=4096 [ 47.095569][ T5080] Remounting filesystem read-only [ 47.096079][ T5026] NILFS (loop4): discard dirty page: offset=0, ino=3 [pid 5084] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... openat resumed>) = 3 [pid 5082] <... futex resumed>) = 0 [pid 5071] exit_group(0 [pid 5070] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = ? [pid 5085] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5084] <... mprotect resumed>) = 0 [pid 5083] write(3, "1000", 4 [pid 5082] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5071] <... exit_group resumed>) = ? [pid 5070] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] +++ exited with 0 +++ [pid 5085] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5082] <... openat resumed>) = 7 [pid 5081] +++ exited with 0 +++ [pid 5085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5082] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5082] <... futex resumed>) = 1 [pid 5080] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5085] <... mmap resumed>) = 0x7f0e78042000 [pid 5084] <... clone3 resumed> => {parent_tid=[5087]}, 88) = 5087 [pid 5080] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... mprotect resumed>) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5084] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5076] <... sendfile resumed>) = 241664 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5084] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... write resumed>) = 4 [pid 5085] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] +++ exited with 0 +++ [pid 5071] +++ exited with 0 +++ [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] close(3 [pid 5076] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] exit_group(0 [pid 5082] <... futex resumed>) = ? [pid 5080] <... futex resumed>) = ? [pid 5070] <... exit_group resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ ./strace-static-x86_64: Process 5087 attached [pid 5087] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5087] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5088 attached ) = 0x7f0e6fc42000 [pid 5088] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5088] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5083] <... close resumed>) = 0 [pid 5076] <... futex resumed>) = ? [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5083] symlink("/dev/binderfs", "./binderfs" [pid 5076] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 5028] restart_syscall(<... resuming interrupted clone ...> [pid 5088] <... mmap resumed>) = 0x7f0e6fc42000 [pid 5024] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] <... symlink resumed>) = 0 [pid 5028] <... restart_syscall resumed>) = 0 [pid 5024] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5028] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... futex resumed>) = 0 [pid 5024] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5024] <... openat resumed>) = 3 [pid 5083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5024] newfstatat(3, "", [pid 5083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5028] newfstatat(3, "", [pid 5024] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5024] getdents64(3, [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5028] getdents64(3, [pid 5024] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5083] <... mmap resumed>) = 0x7f0e78042000 [pid 5028] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5024] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5028] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5024] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... mprotect resumed>) = 0 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5024] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5028] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5024] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5024] unlink("./1/binderfs" [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} [pid 5028] unlink("./1/binderfs" [pid 5024] <... unlink resumed>) = 0 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5028] <... unlink resumed>) = 0 [ 47.116136][ T5026] NILFS (loop4): discard dirty block: blocknr=28, size=4096 [ 47.126398][ T5026] NILFS (loop4): discard dirty page: offset=4096, ino=3 [ 47.136104][ T5026] NILFS (loop4): discard dirty block: blocknr=29, size=4096 [ 47.143733][ T5026] NILFS (loop4): discard dirty page: offset=270336, ino=3 [ 47.153535][ T5026] NILFS (loop4): discard dirty block: blocknr=0, size=4096 [pid 5024] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5089 attached [pid 5083] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5028] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5026] <... umount2 resumed>) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], [pid 5026] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053 [pid 5083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] <... rseq resumed>) = 0 [pid 5083] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... futex resumed>) = 0 [pid 5026] newfstatat(AT_FDCWD, "./1/file1", [pid 5089] set_robust_list(0x7f0e780629a0, 24 [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] <... write resumed>) = 2097152 [pid 5088] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5089] <... set_robust_list resumed>) = 0 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] <... openat resumed>) = 4 [pid 5089] <... mmap resumed>) = 0x7f0e6fc42000 [ 47.183506][ T5024] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 47.192499][ T5028] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer [ 47.197626][ T5024] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 47.208975][ T5028] NILFS (loop5): discard dirty page: offset=192512, ino=18 [ 47.216579][ T5028] NILFS (loop5): discard dirty block: blocknr=0, size=4096 [ 47.225959][ T5088] loop0: detected capacity change from 0 to 4096 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5087] <... write resumed>) = 2097152 [ 47.233525][ T5024] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 47.233916][ T5028] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 47.245985][ T5088] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 47.254998][ T5028] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 47.260746][ T5024] ================================================================== [ 47.274566][ T5024] BUG: KASAN: slab-use-after-free in nilfs_load_inode_block+0x2c1/0x300 [ 47.276684][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=5 [ 47.282895][ T5024] Read of size 8 at addr ffff888021c2c430 by task syz-executor105/5024 [ 47.289595][ T5028] NILFS (loop5): discard dirty block: blocknr=27, size=4096 [ 47.297743][ T5024] [ 47.297747][ T5024] CPU: 0 PID: 5024 Comm: syz-executor105 Not tainted 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 47.297769][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 47.297780][ T5024] Call Trace: [ 47.297784][ T5024] [ 47.297790][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 47.305364][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 47.307356][ T5024] print_report+0xc4/0x620 [ 47.307385][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 47.307408][ T5024] ? __phys_addr+0xc6/0x140 [ 47.359095][ T5024] kasan_report+0xda/0x110 [ 47.363503][ T5024] ? nilfs_load_inode_block+0x2c1/0x300 [ 47.369230][ T5024] ? nilfs_load_inode_block+0x2c1/0x300 [ 47.374765][ T5024] nilfs_load_inode_block+0x2c1/0x300 [ 47.380214][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 47.385747][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 47.390846][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 47.396573][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 47.401498][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 47.406595][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 47.411963][ T5024] ? find_held_lock+0x2d/0x110 [ 47.416729][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 47.421828][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 47.426844][ T5024] iput.part.0+0x5b/0x7a0 [ 47.431166][ T5024] iput+0x5c/0x80 [ 47.434799][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 47.440003][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 47.445975][ T5024] ? up_write+0x1b3/0x510 [ 47.450288][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 47.455745][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 47.461104][ T5024] ? find_rule+0x370/0x370 [ 47.465516][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 47.471400][ T5024] ? dispose_list+0x1e0/0x1e0 [ 47.476064][ T5024] nilfs_put_super+0x43/0x1b0 [ 47.480731][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 47.485221][ T5024] generic_shutdown_super+0x158/0x480 [ 47.490578][ T5024] kill_block_super+0x64/0xb0 [ 47.495238][ T5024] deactivate_locked_super+0x9a/0x170 [ 47.500596][ T5024] deactivate_super+0xde/0x100 [ 47.505348][ T5024] cleanup_mnt+0x222/0x3d0 [ 47.509760][ T5024] task_work_run+0x14d/0x240 [ 47.514340][ T5024] ? task_work_cancel+0x30/0x30 [ 47.519270][ T5024] ptrace_notify+0x10c/0x130 [ 47.523845][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 47.530168][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 47.535528][ T5024] do_syscall_64+0x44/0xb0 [ 47.539936][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.545815][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 47.550214][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 47.569978][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 47.578463][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 47.586417][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 47.594367][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 47.602318][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 47.610272][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 47.618336][ T5024] [ 47.621338][ T5024] [ 47.623642][ T5024] Allocated by task 5076: [ 47.627948][ T5024] kasan_save_stack+0x33/0x50 [ 47.632615][ T5024] kasan_set_track+0x25/0x30 [ 47.637280][ T5024] __kasan_kmalloc+0xa2/0xb0 [ 47.641859][ T5024] nilfs_find_or_create_root+0x88/0x4c0 [ 47.647391][ T5024] nilfs_attach_checkpoint+0xd8/0x4e0 [ 47.652750][ T5024] nilfs_mount+0xafd/0x1120 [ 47.657236][ T5024] legacy_get_tree+0x109/0x220 [ 47.661991][ T5024] vfs_get_tree+0x88/0x350 [ 47.666407][ T5024] path_mount+0x1492/0x1ed0 [ 47.670897][ T5024] __x64_sys_mount+0x293/0x310 [ 47.675642][ T5024] do_syscall_64+0x38/0xb0 [ 47.680043][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.685920][ T5024] [ 47.688224][ T5024] Freed by task 5024: [ 47.692183][ T5024] kasan_save_stack+0x33/0x50 [ 47.696849][ T5024] kasan_set_track+0x25/0x30 [ 47.701424][ T5024] kasan_save_free_info+0x2b/0x40 [ 47.706456][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 47.711557][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 47.716999][ T5024] __kmem_cache_free+0xb8/0x2f0 [ 47.721834][ T5024] nilfs_put_root+0xb6/0xe0 [ 47.726320][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 47.731766][ T5024] nilfs_put_super+0x43/0x1b0 [ 47.736430][ T5024] generic_shutdown_super+0x158/0x480 [ 47.741788][ T5024] kill_block_super+0x64/0xb0 [ 47.746446][ T5024] deactivate_locked_super+0x9a/0x170 [ 47.751801][ T5024] deactivate_super+0xde/0x100 [ 47.756635][ T5024] cleanup_mnt+0x222/0x3d0 [ 47.761043][ T5024] task_work_run+0x14d/0x240 [ 47.765624][ T5024] ptrace_notify+0x10c/0x130 [ 47.770196][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 47.776516][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 47.781884][ T5024] do_syscall_64+0x44/0xb0 [ 47.786282][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 47.792158][ T5024] [ 47.794466][ T5024] The buggy address belongs to the object at ffff888021c2c400 [ 47.794466][ T5024] which belongs to the cache kmalloc-256 of size 256 [ 47.808505][ T5024] The buggy address is located 48 bytes inside of [ 47.808505][ T5024] freed 256-byte region [ffff888021c2c400, ffff888021c2c500) [ 47.822193][ T5024] [ 47.824499][ T5024] The buggy address belongs to the physical page: [ 47.830887][ T5024] page:ffffea0000870b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21c2c [ 47.841019][ T5024] head:ffffea0000870b00 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 47.849933][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 47.857893][ T5024] page_type: 0xffffffff() [ 47.862224][ T5024] raw: 00fff00000010200 ffff888012841b40 dead000000000122 0000000000000000 [ 47.870792][ T5024] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 47.879355][ T5024] page dumped because: kasan: bad access detected [ 47.885746][ T5024] page_owner tracks the page as allocated [ 47.891438][ T5024] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5076, tgid 5070 (syz-executor105), ts 46732362464, free_ts 46524357816 [ 47.912346][ T5024] post_alloc_hook+0x2d2/0x350 [ 47.917190][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 47.922723][ T5024] __alloc_pages+0x1d0/0x4a0 [ 47.927311][ T5024] alloc_pages+0x1a9/0x270 [ 47.931714][ T5024] allocate_slab+0x24e/0x380 [ 47.936297][ T5024] ___slab_alloc+0x8bc/0x1570 [ 47.940961][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 47.946334][ T5024] __kmem_cache_alloc_node+0x137/0x350 [ 47.951778][ T5024] __kmalloc+0x4c/0x100 [ 47.955922][ T5024] nilfs_mdt_init+0x2f/0x1e0 [ 47.960497][ T5024] nilfs_sufile_read+0x19e/0x5a0 [ 47.965422][ T5024] load_nilfs+0x669/0x12d0 [ 47.969822][ T5024] nilfs_mount+0xa8c/0x1120 [ 47.974323][ T5024] legacy_get_tree+0x109/0x220 [ 47.979161][ T5024] vfs_get_tree+0x88/0x350 [ 47.983565][ T5024] path_mount+0x1492/0x1ed0 [ 47.988050][ T5024] page last free stack trace: [ 47.992702][ T5024] free_unref_page_prepare+0x508/0xb90 [ 47.998153][ T5024] free_unref_page+0x33/0x3b0 [ 48.002818][ T5024] qlist_free_all+0x6a/0x170 [ 48.007399][ T5024] kasan_quarantine_reduce+0x18b/0x1d0 [ 48.012841][ T5024] __kasan_slab_alloc+0x65/0x90 [ 48.017773][ T5024] kmem_cache_alloc+0x172/0x3b0 [ 48.022642][ T5024] nilfs_btree_alloc_path+0x3b/0x180 [ 48.027914][ T5024] nilfs_btree_assign+0x84/0xe30 [ 48.032843][ T5024] nilfs_bmap_assign+0x87/0x180 [ 48.037766][ T5024] nilfs_segctor_do_construct+0x195f/0x8bf0 [ 48.043647][ T5024] nilfs_construct_dsync_segment+0x455/0x560 [ 48.049614][ T5024] nilfs_sync_file+0x1d4/0x2e0 [ 48.054362][ T5024] vfs_fsync_range+0x141/0x220 [ 48.059132][ T5024] generic_file_write_iter+0x2a8/0x350 [ 48.064576][ T5024] do_iter_readv_writev+0x21e/0x3c0 [ 48.069763][ T5024] do_iter_write+0x17f/0x830 [ 48.074342][ T5024] [ 48.076652][ T5024] Memory state around the buggy address: [pid 5026] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] <... write resumed>) = 2097152 [ 48.082278][ T5024] ffff888021c2c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.090320][ T5024] ffff888021c2c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.098361][ T5024] >ffff888021c2c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.106400][ T5024] ^ [ 48.112009][ T5024] ffff888021c2c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.120052][ T5024] ffff888021c2c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.128094][ T5024] ================================================================== [pid 5087] munmap(0x7f0e6fc42000, 2097152 [pid 5026] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5089] munmap(0x7f0e6fc42000, 2097152 [pid 5087] <... munmap resumed>) = 0 [pid 5026] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5089] <... munmap resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5026] <... openat resumed>) = 4 [pid 5089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5087] <... openat resumed>) = 4 [pid 5026] newfstatat(4, "", [pid 5089] <... openat resumed>) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3 [pid 5026] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5089] ioctl(4, LOOP_SET_FD, 3 [pid 5026] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5026] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5026] close(4 [pid 5089] <... ioctl resumed>) = 0 [pid 5026] <... close resumed>) = 0 [pid 5089] close(3 [pid 5026] rmdir("./1/file1" [pid 5089] <... close resumed>) = 0 [pid 5026] <... rmdir resumed>) = 0 [pid 5089] mkdir("./file1", 0777 [pid 5026] getdents64(3, [pid 5089] <... mkdir resumed>) = 0 [pid 5026] <... getdents64 resumed>0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5089] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5026] close(3) = 0 [pid 5026] rmdir("./1") = 0 [pid 5026] mkdir("./2", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5090 [pid 5087] <... ioctl resumed>) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file1", 0777) = 0 [ 48.137950][ T5028] NILFS (loop5): discard dirty block: blocknr=28, size=4096 [ 48.141683][ T5087] loop1: detected capacity change from 0 to 4096 [ 48.146011][ T5028] NILFS (loop5): discard dirty page: offset=4096, ino=3 [ 48.152535][ T5089] loop3: detected capacity change from 0 to 4096 [ 48.159308][ T5028] NILFS (loop5): discard dirty block: blocknr=29, size=4096 [ 48.178435][ T5087] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5087] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, ""./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5090] chdir("./2") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5090] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 48.186530][ T5089] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 48.198331][ T5088] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 48.204088][ T5028] NILFS (loop5): discard dirty page: offset=270336, ino=3 [ 48.209379][ T5024] Disabling lock debugging due to kernel taint [ 48.221758][ T5089] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5091]}, 88) = 5091 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5091] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [ 48.222395][ T5087] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 48.244499][ T5092] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 48.248749][ T5028] NILFS (loop5): discard dirty block: blocknr=0, size=4096 [ 48.255937][ T5024] ================================================================== [ 48.270231][ T5024] BUG: KASAN: slab-use-after-free in nilfs_ifile_get_inode_block+0x180/0x190 [ 48.279070][ T5024] Read of size 8 at addr ffff888075798e50 by task syz-executor105/5024 [ 48.287287][ T5024] [ 48.289591][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 48.301559][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 48.311599][ T5024] Call Trace: [ 48.314872][ T5024] [ 48.317787][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 48.322368][ T5024] print_report+0xc4/0x620 [ 48.326772][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 48.331783][ T5024] ? __phys_addr+0xc6/0x140 [ 48.336276][ T5024] kasan_report+0xda/0x110 [ 48.340683][ T5024] ? nilfs_ifile_get_inode_block+0x180/0x190 [ 48.346655][ T5024] ? nilfs_ifile_get_inode_block+0x180/0x190 [ 48.352729][ T5024] nilfs_ifile_get_inode_block+0x180/0x190 [ 48.358525][ T5024] nilfs_load_inode_block+0x179/0x300 [ 48.363885][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 48.369329][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 48.374425][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 48.380051][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 48.384978][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 48.390077][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 48.395436][ T5024] ? find_held_lock+0x2d/0x110 [ 48.400274][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 48.405366][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 48.410382][ T5024] iput.part.0+0x5b/0x7a0 [ 48.414698][ T5024] iput+0x5c/0x80 [ 48.418323][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 48.423352][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 48.429321][ T5024] ? up_write+0x1b3/0x510 [ 48.433637][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 48.439171][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 48.444530][ T5024] ? find_rule+0x370/0x370 [ 48.448939][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 48.454908][ T5024] ? dispose_list+0x1e0/0x1e0 [ 48.459576][ T5024] nilfs_put_super+0x43/0x1b0 [ 48.464237][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 48.468723][ T5024] generic_shutdown_super+0x158/0x480 [ 48.474084][ T5024] kill_block_super+0x64/0xb0 [ 48.478742][ T5024] deactivate_locked_super+0x9a/0x170 [ 48.484099][ T5024] deactivate_super+0xde/0x100 [ 48.488846][ T5024] cleanup_mnt+0x222/0x3d0 [ 48.493252][ T5024] task_work_run+0x14d/0x240 [ 48.497835][ T5024] ? task_work_cancel+0x30/0x30 [ 48.502677][ T5024] ptrace_notify+0x10c/0x130 [ 48.507254][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 48.513575][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 48.519026][ T5024] do_syscall_64+0x44/0xb0 [ 48.523429][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.529334][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 48.533743][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 48.553348][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 48.561752][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 48.569712][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 48.577668][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 48.585626][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 48.593581][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 48.601632][ T5024] [ 48.604646][ T5024] [ 48.606951][ T5024] Allocated by task 5076: [ 48.611268][ T5024] kasan_save_stack+0x33/0x50 [ 48.615939][ T5024] kasan_set_track+0x25/0x30 [ 48.620518][ T5024] __kasan_slab_alloc+0x81/0x90 [ 48.625362][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 48.630575][ T5024] nilfs_alloc_inode+0x26/0x150 [ 48.635416][ T5024] alloc_inode+0x5d/0x220 [ 48.639738][ T5024] iget5_locked+0x63/0xe0 [ 48.644056][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 48.648820][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 48.653571][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 48.659020][ T5024] nilfs_mount+0xafd/0x1120 [ 48.663512][ T5024] legacy_get_tree+0x109/0x220 [ 48.668272][ T5024] vfs_get_tree+0x88/0x350 [ 48.672673][ T5024] path_mount+0x1492/0x1ed0 [ 48.677164][ T5024] __x64_sys_mount+0x293/0x310 [ 48.682084][ T5024] do_syscall_64+0x38/0xb0 [ 48.686534][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.692415][ T5024] [ 48.694720][ T5024] Freed by task 4668: [ 48.698766][ T5024] kasan_save_stack+0x33/0x50 [ 48.703434][ T5024] kasan_set_track+0x25/0x30 [ 48.708010][ T5024] kasan_save_free_info+0x2b/0x40 [ 48.713023][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 48.718210][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 48.723658][ T5024] kmem_cache_free+0xf0/0x490 [ 48.728324][ T5024] i_callback+0x43/0x70 [ 48.732463][ T5024] rcu_core+0x7fb/0x1bb0 [ 48.736693][ T5024] __do_softirq+0x218/0x965 [ 48.741273][ T5024] [ 48.743593][ T5024] Last potentially related work creation: [ 48.749288][ T5024] kasan_save_stack+0x33/0x50 [ 48.753954][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 48.759318][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 48.765203][ T5024] destroy_inode+0x129/0x1b0 [ 48.769779][ T5024] iput.part.0+0x55e/0x7a0 [ 48.774179][ T5024] iput+0x5c/0x80 [ 48.777798][ T5024] nilfs_put_root+0xae/0xe0 [ 48.782283][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 48.787728][ T5024] nilfs_put_super+0x43/0x1b0 [ 48.792410][ T5024] generic_shutdown_super+0x158/0x480 [ 48.797872][ T5024] kill_block_super+0x64/0xb0 [ 48.802534][ T5024] deactivate_locked_super+0x9a/0x170 [ 48.807888][ T5024] deactivate_super+0xde/0x100 [ 48.812645][ T5024] cleanup_mnt+0x222/0x3d0 [ 48.817056][ T5024] task_work_run+0x14d/0x240 [ 48.821654][ T5024] ptrace_notify+0x10c/0x130 [ 48.826225][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 48.832551][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 48.837909][ T5024] do_syscall_64+0x44/0xb0 [ 48.842304][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.848198][ T5024] [ 48.850503][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 48.850503][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 48.865325][ T5024] The buggy address is located 384 bytes inside of [ 48.865325][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 48.879193][ T5024] [ 48.881502][ T5024] The buggy address belongs to the physical page: [ 48.887895][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 48.898115][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 48.907033][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 48.915096][ T5024] page_type: 0xffffffff() [ 48.919415][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 48.927983][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 48.936558][ T5024] page dumped because: kasan: bad access detected [ 48.942954][ T5024] page_owner tracks the page as allocated [ 48.948651][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 48.971224][ T5024] post_alloc_hook+0x2d2/0x350 [ 48.976074][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 48.981638][ T5024] __alloc_pages+0x1d0/0x4a0 [ 48.986219][ T5024] alloc_pages+0x1a9/0x270 [ 48.990625][ T5024] allocate_slab+0x24e/0x380 [ 48.995199][ T5024] ___slab_alloc+0x8bc/0x1570 [ 48.999862][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 49.005241][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 49.010451][ T5024] nilfs_alloc_inode+0x26/0x150 [ 49.015338][ T5024] alloc_inode+0x5d/0x220 [ 49.019655][ T5024] iget5_locked+0x63/0xe0 [ 49.023976][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 49.028731][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 49.033575][ T5024] load_nilfs+0x669/0x12d0 [ 49.038060][ T5024] nilfs_mount+0xa8c/0x1120 [ 49.042551][ T5024] legacy_get_tree+0x109/0x220 [ 49.047332][ T5024] page last free stack trace: [ 49.051982][ T5024] free_unref_page_prepare+0x508/0xb90 [ 49.057517][ T5024] free_unref_page+0x33/0x3b0 [ 49.062192][ T5024] free_contig_range+0xb6/0x190 [ 49.067035][ T5024] destroy_args+0x686/0x940 [ 49.071527][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 49.076548][ T5024] do_one_initcall+0x117/0x630 [ 49.081301][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 49.086489][ T5024] kernel_init+0x1c/0x2a0 [ 49.090806][ T5024] ret_from_fork+0x2c/0x70 [ 49.095206][ T5024] ret_from_fork_asm+0x11/0x20 [ 49.099961][ T5024] [ 49.102287][ T5024] Memory state around the buggy address: [ 49.107897][ T5024] ffff888075798d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.115939][ T5024] ffff888075798d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.124002][ T5024] >ffff888075798e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.132046][ T5024] ^ [pid 5088] <... mount resumed>) = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file1") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = 1 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.138701][ T5024] ffff888075798e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.146747][ T5024] ffff888075798f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.154790][ T5024] ================================================================== [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5088] <... open resumed>) = 4 [pid 5088] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5087] <... mount resumed>) = 0 [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... open resumed>) = 5 [pid 5087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5088] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... openat resumed>) = 3 [pid 5088] <... futex resumed>) = 1 [pid 5087] chdir("./file1" [pid 5085] <... futex resumed>) = 0 [pid 5088] ftruncate(5, 33587195 [pid 5087] <... chdir resumed>) = 0 [pid 5085] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] ioctl(4, LOOP_CLR_FD [pid 5085] <... futex resumed>) = 0 [pid 5088] <... ftruncate resumed>) = 0 [pid 5087] <... ioctl resumed>) = 0 [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] close(4 [pid 5088] <... futex resumed>) = 1 [pid 5087] <... close resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5088] sendfile(4, 5, NULL, 281474978811909 [pid 5087] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 49.189193][ T5093] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.205291][ T5094] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.215998][ T5024] ================================================================== [ 49.222023][ T5091] loop4: detected capacity change from 0 to 4096 [ 49.224322][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_get_entry_block+0x193/0x1b0 [ 49.239588][ T5024] Read of size 8 at addr ffff8880757992b0 by task syz-executor105/5024 [ 49.247827][ T5024] [ 49.250156][ T5024] CPU: 0 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 49.262065][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 49.272140][ T5024] Call Trace: [ 49.275415][ T5024] [ 49.278343][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 49.282936][ T5024] print_report+0xc4/0x620 [ 49.283801][ T5096] loop5: detected capacity change from 0 to 4096 [ 49.287346][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 49.287371][ T5024] ? __phys_addr+0xc6/0x140 [ 49.287393][ T5024] kasan_report+0xda/0x110 [ 49.307591][ T5024] ? nilfs_palloc_get_entry_block+0x193/0x1b0 [ 49.313655][ T5024] ? nilfs_palloc_get_entry_block+0x193/0x1b0 [ 49.319712][ T5024] nilfs_palloc_get_entry_block+0x193/0x1b0 [ 49.325597][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 49.331311][ T5024] nilfs_load_inode_block+0x179/0x300 [ 49.336758][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 49.342206][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 49.347311][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 49.352933][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 49.357944][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 49.363042][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 49.368411][ T5024] ? find_held_lock+0x2d/0x110 [ 49.373162][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 49.378347][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 49.383365][ T5024] iput.part.0+0x5b/0x7a0 [ 49.387685][ T5024] iput+0x5c/0x80 [ 49.391304][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 49.396318][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 49.402290][ T5024] ? up_write+0x1b3/0x510 [ 49.406606][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 49.412055][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 49.417419][ T5024] ? find_rule+0x370/0x370 [ 49.421835][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 49.427718][ T5024] ? dispose_list+0x1e0/0x1e0 [ 49.432398][ T5024] nilfs_put_super+0x43/0x1b0 [ 49.437066][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 49.441554][ T5024] generic_shutdown_super+0x158/0x480 [ 49.446914][ T5024] kill_block_super+0x64/0xb0 [ 49.451573][ T5024] deactivate_locked_super+0x9a/0x170 [ 49.457015][ T5024] deactivate_super+0xde/0x100 [ 49.461764][ T5024] cleanup_mnt+0x222/0x3d0 [ 49.466173][ T5024] task_work_run+0x14d/0x240 [ 49.470755][ T5024] ? task_work_cancel+0x30/0x30 [ 49.475598][ T5024] ptrace_notify+0x10c/0x130 [ 49.480177][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 49.486504][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 49.491868][ T5024] do_syscall_64+0x44/0xb0 [ 49.496275][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.502171][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 49.506567][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 49.526159][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 49.534563][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 49.542518][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 49.550472][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 49.558429][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 49.566411][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 49.574374][ T5024] [ 49.577395][ T5024] [ 49.579705][ T5024] Allocated by task 5076: [ 49.584030][ T5024] kasan_save_stack+0x33/0x50 [ 49.588724][ T5024] kasan_set_track+0x25/0x30 [ 49.593300][ T5024] __kasan_slab_alloc+0x81/0x90 [ 49.598141][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 49.603342][ T5024] nilfs_alloc_inode+0x26/0x150 [ 49.608183][ T5024] alloc_inode+0x5d/0x220 [ 49.612496][ T5024] iget5_locked+0x63/0xe0 [ 49.616896][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 49.621641][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 49.626393][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 49.631838][ T5024] nilfs_mount+0xafd/0x1120 [ 49.636432][ T5024] legacy_get_tree+0x109/0x220 [ 49.641205][ T5024] vfs_get_tree+0x88/0x350 [ 49.645648][ T5024] path_mount+0x1492/0x1ed0 [ 49.650141][ T5024] __x64_sys_mount+0x293/0x310 [ 49.655174][ T5024] do_syscall_64+0x38/0xb0 [ 49.659576][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.665453][ T5024] [ 49.667756][ T5024] Freed by task 4668: [ 49.671735][ T5024] kasan_save_stack+0x33/0x50 [ 49.676411][ T5024] kasan_set_track+0x25/0x30 [ 49.680988][ T5024] kasan_save_free_info+0x2b/0x40 [ 49.686002][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 49.691126][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 49.696575][ T5024] kmem_cache_free+0xf0/0x490 [ 49.701261][ T5024] i_callback+0x43/0x70 [ 49.705416][ T5024] rcu_core+0x7fb/0x1bb0 [ 49.709672][ T5024] __do_softirq+0x218/0x965 [ 49.714171][ T5024] [ 49.716476][ T5024] Last potentially related work creation: [ 49.722173][ T5024] kasan_save_stack+0x33/0x50 [ 49.726839][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 49.732221][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 49.738119][ T5024] destroy_inode+0x129/0x1b0 [ 49.742696][ T5024] iput.part.0+0x55e/0x7a0 [ 49.747097][ T5024] iput+0x5c/0x80 [ 49.750736][ T5024] nilfs_put_root+0xae/0xe0 [ 49.755220][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 49.760664][ T5024] nilfs_put_super+0x43/0x1b0 [ 49.765328][ T5024] generic_shutdown_super+0x158/0x480 [ 49.770710][ T5024] kill_block_super+0x64/0xb0 [ 49.775369][ T5024] deactivate_locked_super+0x9a/0x170 [ 49.780727][ T5024] deactivate_super+0xde/0x100 [ 49.785476][ T5024] cleanup_mnt+0x222/0x3d0 [ 49.789885][ T5024] task_work_run+0x14d/0x240 [ 49.794470][ T5024] ptrace_notify+0x10c/0x130 [ 49.799046][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 49.805370][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 49.810733][ T5024] do_syscall_64+0x44/0xb0 [ 49.815160][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.821066][ T5024] [ 49.823372][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 49.823372][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 49.838112][ T5024] The buggy address is located 1504 bytes inside of [ 49.838112][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 49.852069][ T5024] [ 49.854377][ T5024] The buggy address belongs to the physical page: [ 49.860768][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 49.870903][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 49.879822][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 49.887784][ T5024] page_type: 0xffffffff() [ 49.892093][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 49.900748][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 49.909312][ T5024] page dumped because: kasan: bad access detected [ 49.915795][ T5024] page_owner tracks the page as allocated [ 49.921493][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 49.944065][ T5024] post_alloc_hook+0x2d2/0x350 [ 49.948826][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 49.954363][ T5024] __alloc_pages+0x1d0/0x4a0 [ 49.958940][ T5024] alloc_pages+0x1a9/0x270 [ 49.963345][ T5024] allocate_slab+0x24e/0x380 [ 49.968011][ T5024] ___slab_alloc+0x8bc/0x1570 [ 49.972697][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 49.978071][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 49.983258][ T5024] nilfs_alloc_inode+0x26/0x150 [ 49.988097][ T5024] alloc_inode+0x5d/0x220 [ 49.992412][ T5024] iget5_locked+0x63/0xe0 [ 49.996726][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 50.001475][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 50.006322][ T5024] load_nilfs+0x669/0x12d0 [ 50.010718][ T5024] nilfs_mount+0xa8c/0x1120 [ 50.015208][ T5024] legacy_get_tree+0x109/0x220 [ 50.019977][ T5024] page last free stack trace: [ 50.024627][ T5024] free_unref_page_prepare+0x508/0xb90 [ 50.030173][ T5024] free_unref_page+0x33/0x3b0 [ 50.034836][ T5024] free_contig_range+0xb6/0x190 [ 50.039675][ T5024] destroy_args+0x686/0x940 [ 50.044170][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 50.049183][ T5024] do_one_initcall+0x117/0x630 [ 50.053936][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 50.059121][ T5024] kernel_init+0x1c/0x2a0 [ 50.063466][ T5024] ret_from_fork+0x2c/0x70 [ 50.067868][ T5024] ret_from_fork_asm+0x11/0x20 [ 50.072625][ T5024] [ 50.074928][ T5024] Memory state around the buggy address: [ 50.080645][ T5024] ffff888075799180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5087] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... mount resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5091] <... write resumed>) = 2097152 [pid 5091] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3 [pid 5028] <... umount2 resumed>) = 0 [pid 5028] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5028] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5028] close(4) = 0 [pid 5028] rmdir("./1/file1") = 0 [pid 5028] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [pid 5028] rmdir("./1") = 0 [pid 5028] mkdir("./2", 0777) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5028] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5028] close(3) = 0 [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5095 [pid 5091] <... ioctl resumed>) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [pid 5091] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, ""./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5095] chdir("./2") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5095] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5096]}, 88) = 5096 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5096] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5085] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5097]}, 88) = 5097 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5085] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5097] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] lseek(6, 257, SEEK_SET) = 257 [pid 5097] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 1 [pid 5097] getdents64(6, [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5096] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file1", 0777) = 0 [pid 5096] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 50.088691][ T5024] ffff888075799200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.096737][ T5024] >ffff888075799280: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 50.104800][ T5024] ^ [ 50.110411][ T5024] ffff888075799300: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 50.118454][ T5024] ffff888075799380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.126499][ T5024] ================================================================== [pid 5084] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5087] <... futex resumed>) = 0 [pid 5085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] <... futex resumed>) = 1 [pid 5089] <... openat resumed>) = 3 [pid 5087] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5085] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [ 50.138220][ T5097] NILFS error (device loop0): nilfs_readdir: zero-length directory entry [ 50.146744][ T5096] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 50.149342][ T5030] udevd[5030]: incorrect nilfs2 checksum on /dev/loop5 [ 50.156348][ T5091] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 50.156761][ T5091] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 50.170099][ T5030] udevd[5030]: incorrect nilfs2 checksum on /dev/loop5 [ 50.177135][ T5024] ================================================================== [ 50.197933][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_get_entry_block+0x186/0x1b0 [ 50.206816][ T5024] Read of size 8 at addr ffff88802b585cb0 by task syz-executor105/5024 [ 50.215056][ T5024] [ 50.217468][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 50.226834][ T5096] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 50.229345][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 50.229357][ T5024] Call Trace: [ 50.229362][ T5024] [ 50.229369][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 50.259935][ T5024] print_report+0xc4/0x620 [ 50.264386][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 50.269435][ T5024] ? __phys_addr+0xc6/0x140 [ 50.273959][ T5024] kasan_report+0xda/0x110 [ 50.278429][ T5024] ? nilfs_palloc_get_entry_block+0x186/0x1b0 [ 50.284493][ T5024] ? nilfs_palloc_get_entry_block+0x186/0x1b0 [ 50.290730][ T5024] nilfs_palloc_get_entry_block+0x186/0x1b0 [ 50.296635][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 50.302350][ T5024] nilfs_load_inode_block+0x179/0x300 [ 50.307714][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 50.313167][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 50.318270][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 50.323988][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 50.328935][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 50.334035][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 50.339398][ T5024] ? find_held_lock+0x2d/0x110 [ 50.344162][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 50.349287][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 50.354306][ T5024] iput.part.0+0x5b/0x7a0 [ 50.358626][ T5024] iput+0x5c/0x80 [ 50.362251][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 50.367267][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 50.373251][ T5024] ? up_write+0x1b3/0x510 [ 50.377581][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 50.383046][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 50.388411][ T5024] ? find_rule+0x370/0x370 [ 50.392825][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 50.398800][ T5024] ? dispose_list+0x1e0/0x1e0 [ 50.403483][ T5024] nilfs_put_super+0x43/0x1b0 [ 50.408148][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 50.412637][ T5024] generic_shutdown_super+0x158/0x480 [ 50.417996][ T5024] kill_block_super+0x64/0xb0 [ 50.422662][ T5024] deactivate_locked_super+0x9a/0x170 [ 50.428047][ T5024] deactivate_super+0xde/0x100 [ 50.432814][ T5024] cleanup_mnt+0x222/0x3d0 [ 50.437242][ T5024] task_work_run+0x14d/0x240 [ 50.441826][ T5024] ? task_work_cancel+0x30/0x30 [ 50.446669][ T5024] ptrace_notify+0x10c/0x130 [ 50.451281][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 50.457602][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 50.462967][ T5024] do_syscall_64+0x44/0xb0 [ 50.467366][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.473268][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 50.477668][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 50.497261][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 50.505659][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 50.513620][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 50.521578][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 50.529533][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 50.537529][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 50.545841][ T5024] [ 50.548841][ T5024] [ 50.551144][ T5024] Allocated by task 5076: [ 50.555451][ T5024] kasan_save_stack+0x33/0x50 [ 50.560134][ T5024] kasan_set_track+0x25/0x30 [ 50.564713][ T5024] __kasan_kmalloc+0xa2/0xb0 [ 50.569287][ T5024] __kmalloc+0x5d/0x100 [ 50.573432][ T5024] nilfs_mdt_init+0x2f/0x1e0 [ 50.578010][ T5024] nilfs_ifile_read+0xc9/0x1b0 [ 50.582771][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 50.588218][ T5024] nilfs_mount+0xafd/0x1120 [ 50.592707][ T5024] legacy_get_tree+0x109/0x220 [ 50.597459][ T5024] vfs_get_tree+0x88/0x350 [ 50.601859][ T5024] path_mount+0x1492/0x1ed0 [ 50.606348][ T5024] __x64_sys_mount+0x293/0x310 [ 50.611635][ T5024] do_syscall_64+0x38/0xb0 [ 50.616050][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.622039][ T5024] [ 50.624364][ T5024] Freed by task 4668: [ 50.628329][ T5024] kasan_save_stack+0x33/0x50 [ 50.633001][ T5024] kasan_set_track+0x25/0x30 [ 50.637677][ T5024] kasan_save_free_info+0x2b/0x40 [ 50.642718][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 50.647834][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 50.653284][ T5024] __kmem_cache_free+0xb8/0x2f0 [ 50.658123][ T5024] nilfs_free_inode+0x42/0x70 [ 50.662789][ T5024] i_callback+0x43/0x70 [ 50.666931][ T5024] rcu_core+0x7fb/0x1bb0 [ 50.671166][ T5024] __do_softirq+0x218/0x965 [ 50.675696][ T5024] [ 50.678005][ T5024] The buggy address belongs to the object at ffff88802b585c00 [ 50.678005][ T5024] which belongs to the cache kmalloc-512 of size 512 [ 50.692059][ T5024] The buggy address is located 176 bytes inside of [ 50.692059][ T5024] freed 512-byte region [ffff88802b585c00, ffff88802b585e00) [ 50.705938][ T5024] [ 50.708254][ T5024] The buggy address belongs to the physical page: [ 50.714686][ T5024] page:ffffea0000ad6100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b584 [ 50.724912][ T5024] head:ffffea0000ad6100 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.733833][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 50.741797][ T5024] page_type: 0xffffffff() [ 50.746199][ T5024] raw: 00fff00000010200 ffff888012841c80 ffffea000060c900 dead000000000002 [ 50.754769][ T5024] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 50.763424][ T5024] page dumped because: kasan: bad access detected [ 50.769824][ T5024] page_owner tracks the page as allocated [ 50.775636][ T5024] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4490, tgid 4490 (udevadm), ts 14413457908, free_ts 14394869291 [ 50.796558][ T5024] post_alloc_hook+0x2d2/0x350 [ 50.801343][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 50.806887][ T5024] __alloc_pages+0x1d0/0x4a0 [ 50.811472][ T5024] alloc_pages+0x1a9/0x270 [ 50.815969][ T5024] allocate_slab+0x24e/0x380 [ 50.820719][ T5024] ___slab_alloc+0x8bc/0x1570 [ 50.825388][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 50.830874][ T5024] __kmem_cache_alloc_node+0x137/0x350 [ 50.836415][ T5024] kmalloc_trace+0x25/0xe0 [ 50.840823][ T5024] kernfs_fop_open+0x318/0xe00 [ 50.845596][ T5024] do_dentry_open+0x88b/0x1780 [ 50.850351][ T5024] path_openat+0x19af/0x29c0 [ 50.855012][ T5024] do_filp_open+0x1de/0x430 [ 50.859588][ T5024] do_sys_openat2+0x176/0x1e0 [ 50.864265][ T5024] __x64_sys_openat+0x175/0x210 [ 50.869476][ T5024] do_syscall_64+0x38/0xb0 [ 50.873875][ T5024] page last free stack trace: [ 50.878536][ T5024] free_unref_page_prepare+0x508/0xb90 [ 50.883986][ T5024] free_unref_page+0x33/0x3b0 [ 50.888659][ T5024] __unfreeze_partials+0x21d/0x240 [ 50.893756][ T5024] qlist_free_all+0x6a/0x170 [ 50.898427][ T5024] kasan_quarantine_reduce+0x18b/0x1d0 [ 50.903870][ T5024] __kasan_slab_alloc+0x65/0x90 [ 50.908717][ T5024] kmem_cache_alloc+0x172/0x3b0 [ 50.913556][ T5024] vm_area_dup+0x21/0x2f0 [ 50.918131][ T5024] __split_vma+0x1a8/0x830 [ 50.922729][ T5024] split_vma+0xc8/0x110 [ 50.926905][ T5024] mprotect_fixup+0x784/0xbf0 [ 50.931573][ T5024] do_mprotect_pkey+0x852/0xd60 [ 50.936414][ T5024] __x64_sys_mprotect+0x78/0xb0 [ 50.941286][ T5024] do_syscall_64+0x38/0xb0 [ 50.945687][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.951573][ T5024] [ 50.953879][ T5024] Memory state around the buggy address: [ 50.959493][ T5024] ffff88802b585b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.967540][ T5024] ffff88802b585c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.975586][ T5024] >ffff88802b585c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.983652][ T5024] ^ [ 50.989262][ T5024] ffff88802b585d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5084] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] chdir("./file1" [pid 5085] <... futex resumed>) = 0 [pid 5089] <... chdir resumed>) = 0 [pid 5085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5089] ioctl(4, LOOP_CLR_FD [pid 5085] <... mmap resumed>) = 0x7f0e6fe00000 [pid 5089] <... ioctl resumed>) = 0 [pid 5085] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE [pid 5089] close(4 [pid 5085] <... mprotect resumed>) = 0 [pid 5089] <... close resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5089] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5083] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5083] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5083] <... futex resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053) = 0 [pid 5098] set_robust_list(0x7f0e6fe209a0, 24) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5089] <... open resumed>) = 4 [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5089] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... open resumed>) = 5 [pid 5084] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5083] <... futex resumed>) = 0 [pid 5089] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 0 [pid 5084] <... mprotect resumed>) = 0 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5083] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5089] ftruncate(5, 33587195 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... ftruncate resumed>) = 0 [pid 5089] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone3 resumed> => {parent_tid=[5099]}, 88) = 5099 [pid 5089] <... futex resumed>) = 1 [pid 5085] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... futex resumed>) = 0 [pid 5089] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5089] sendfile(4, 5, NULL, 281474978811909 [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... openat resumed>) = 7 [pid 5098] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe00000 [pid 5084] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} [pid 5083] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... futex resumed>) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5083] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5101]}, 88) = 5101 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053) = 0 [pid 5100] set_robust_list(0x7f0e6fe209a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] ftruncate(-1, 33587195) = -1 EBADF (Bad file descriptor) [pid 5100] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5100] sendfile(-1, -1, NULL, 281474978811909 [pid 5084] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5084] <... futex resumed>) = 0 [pid 5100] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5084] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5101 attached [pid 5101] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5101] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5101] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] <... futex resumed>) = 0 [pid 5101] lseek(6, 257, SEEK_SET [pid 5083] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... lseek resumed>) = 257 [pid 5083] <... futex resumed>) = 0 [pid 5101] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... futex resumed>) = 0 [pid 5101] getdents64(6, [pid 5083] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... openat resumed>) = 5 [pid 5097] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5087] <... open resumed>) = 4 [pid 5100] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... sendfile resumed>) = 192512 [pid 5087] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 1 [pid 5088] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5100] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = 0 [pid 5087] lseek(5, 257, SEEK_SET [pid 5084] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... lseek resumed>) = 257 [pid 5084] <... futex resumed>) = 0 [pid 5087] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] getdents64(5, [ 50.997304][ T5024] ffff88802b585d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.005351][ T5024] ================================================================== [ 51.026784][ T5097] Remounting filesystem read-only [ 51.027165][ T5101] NILFS error (device loop3): nilfs_readdir: zero-length directory entry [pid 5084] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5085] exit_group(0 [pid 5084] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... futex resumed>) = ? [pid 5097] <... futex resumed>) = ? [pid 5088] <... futex resumed>) = ? [pid 5085] <... exit_group resumed>) = ? [pid 5098] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5097] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5022] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=90 /* 0.90 s */} --- [pid 5022] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5022] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5022] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5022] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5022] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5022] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5022] unlink("./2/binderfs") = 0 [pid 5022] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5099 attached [pid 5099] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5099] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 51.046516][ T5087] NILFS error (device loop1): nilfs_readdir: zero-length directory entry [ 51.072037][ T5102] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.075431][ T5024] ================================================================== [ 51.083480][ T5022] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 51.090976][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_get_entry_block+0x17c/0x1b0 [ 51.091009][ T5024] Read of size 1 at addr ffff888075798ef2 by task syz-executor105/5024 [ 51.104367][ T5087] Remounting filesystem read-only [ 51.108551][ T5024] [ 51.108558][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 51.108580][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 51.108591][ T5024] Call Trace: [ 51.108596][ T5024] [ 51.108602][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 51.126045][ T5101] Remounting filesystem read-only [ 51.136086][ T5024] print_report+0xc4/0x620 [ 51.136118][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 51.136139][ T5024] ? __phys_addr+0xc6/0x140 [ 51.176167][ T5024] kasan_report+0xda/0x110 [ 51.180584][ T5024] ? nilfs_palloc_get_entry_block+0x17c/0x1b0 [ 51.186651][ T5024] ? nilfs_palloc_get_entry_block+0x17c/0x1b0 [ 51.192712][ T5024] nilfs_palloc_get_entry_block+0x17c/0x1b0 [ 51.198601][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 51.204315][ T5024] nilfs_load_inode_block+0x179/0x300 [ 51.209678][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 51.215133][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 51.220248][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 51.225870][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 51.230795][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 51.235983][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 51.241349][ T5024] ? find_held_lock+0x2d/0x110 [ 51.246102][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 51.251203][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 51.256225][ T5024] iput.part.0+0x5b/0x7a0 [ 51.260550][ T5024] iput+0x5c/0x80 [ 51.264170][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 51.269186][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 51.275330][ T5024] ? up_write+0x1b3/0x510 [ 51.279650][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 51.285110][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 51.290473][ T5024] ? find_rule+0x370/0x370 [ 51.294884][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 51.300863][ T5024] ? dispose_list+0x1e0/0x1e0 [ 51.305540][ T5024] nilfs_put_super+0x43/0x1b0 [ 51.310210][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 51.314705][ T5024] generic_shutdown_super+0x158/0x480 [ 51.320064][ T5024] kill_block_super+0x64/0xb0 [ 51.324728][ T5024] deactivate_locked_super+0x9a/0x170 [ 51.330094][ T5024] deactivate_super+0xde/0x100 [ 51.334850][ T5024] cleanup_mnt+0x222/0x3d0 [ 51.339266][ T5024] task_work_run+0x14d/0x240 [ 51.343851][ T5024] ? task_work_cancel+0x30/0x30 [ 51.348695][ T5024] ptrace_notify+0x10c/0x130 [ 51.353274][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 51.359604][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 51.364974][ T5024] do_syscall_64+0x44/0xb0 [ 51.369904][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.375974][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 51.380400][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 51.400086][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 51.408484][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 51.416440][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 51.424658][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 51.432702][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 51.440681][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 51.448650][ T5024] [ 51.451652][ T5024] [ 51.453961][ T5024] Allocated by task 5076: [ 51.458269][ T5024] kasan_save_stack+0x33/0x50 [ 51.462938][ T5024] kasan_set_track+0x25/0x30 [ 51.467519][ T5024] __kasan_slab_alloc+0x81/0x90 [ 51.472361][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 51.477723][ T5024] nilfs_alloc_inode+0x26/0x150 [ 51.482564][ T5024] alloc_inode+0x5d/0x220 [ 51.486880][ T5024] iget5_locked+0x63/0xe0 [ 51.491194][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 51.495944][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 51.500702][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 51.506148][ T5024] nilfs_mount+0xafd/0x1120 [ 51.510649][ T5024] legacy_get_tree+0x109/0x220 [ 51.515489][ T5024] vfs_get_tree+0x88/0x350 [ 51.519889][ T5024] path_mount+0x1492/0x1ed0 [ 51.524378][ T5024] __x64_sys_mount+0x293/0x310 [ 51.529136][ T5024] do_syscall_64+0x38/0xb0 [ 51.533538][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.539595][ T5024] [ 51.541905][ T5024] Freed by task 4668: [ 51.545865][ T5024] kasan_save_stack+0x33/0x50 [ 51.550532][ T5024] kasan_set_track+0x25/0x30 [ 51.555114][ T5024] kasan_save_free_info+0x2b/0x40 [ 51.560153][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 51.565258][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 51.570702][ T5024] kmem_cache_free+0xf0/0x490 [ 51.575383][ T5024] i_callback+0x43/0x70 [ 51.579532][ T5024] rcu_core+0x7fb/0x1bb0 [ 51.583769][ T5024] __do_softirq+0x218/0x965 [ 51.588266][ T5024] [ 51.590574][ T5024] Last potentially related work creation: [ 51.596270][ T5024] kasan_save_stack+0x33/0x50 [ 51.600937][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 51.606301][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 51.612625][ T5024] destroy_inode+0x129/0x1b0 [ 51.617203][ T5024] iput.part.0+0x55e/0x7a0 [ 51.621619][ T5024] iput+0x5c/0x80 [ 51.625238][ T5024] nilfs_put_root+0xae/0xe0 [ 51.629729][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 51.635282][ T5024] nilfs_put_super+0x43/0x1b0 [ 51.639967][ T5024] generic_shutdown_super+0x158/0x480 [ 51.645347][ T5024] kill_block_super+0x64/0xb0 [ 51.650028][ T5024] deactivate_locked_super+0x9a/0x170 [ 51.655387][ T5024] deactivate_super+0xde/0x100 [ 51.660140][ T5024] cleanup_mnt+0x222/0x3d0 [ 51.664569][ T5024] task_work_run+0x14d/0x240 [ 51.669150][ T5024] ptrace_notify+0x10c/0x130 [ 51.673774][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 51.680444][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 51.685896][ T5024] do_syscall_64+0x44/0xb0 [ 51.690295][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.696177][ T5024] [ 51.698485][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 51.698485][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 51.713217][ T5024] The buggy address is located 546 bytes inside of [ 51.713217][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 51.727084][ T5024] [ 51.729391][ T5024] The buggy address belongs to the physical page: [ 51.735785][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 51.745923][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 51.754844][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 51.762806][ T5024] page_type: 0xffffffff() [ 51.767209][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 51.775779][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 51.784453][ T5024] page dumped because: kasan: bad access detected [ 51.790858][ T5024] page_owner tracks the page as allocated [ 51.796648][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 51.819217][ T5024] post_alloc_hook+0x2d2/0x350 [ 51.823980][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 51.829520][ T5024] __alloc_pages+0x1d0/0x4a0 [ 51.834136][ T5024] alloc_pages+0x1a9/0x270 [ 51.838543][ T5024] allocate_slab+0x24e/0x380 [ 51.843122][ T5024] ___slab_alloc+0x8bc/0x1570 [ 51.848132][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 51.853495][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 51.858686][ T5024] nilfs_alloc_inode+0x26/0x150 [ 51.863522][ T5024] alloc_inode+0x5d/0x220 [ 51.867844][ T5024] iget5_locked+0x63/0xe0 [ 51.872167][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 51.877005][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 51.881850][ T5024] load_nilfs+0x669/0x12d0 [ 51.886252][ T5024] nilfs_mount+0xa8c/0x1120 [ 51.890740][ T5024] legacy_get_tree+0x109/0x220 [ 51.895496][ T5024] page last free stack trace: [ 51.900153][ T5024] free_unref_page_prepare+0x508/0xb90 [ 51.905604][ T5024] free_unref_page+0x33/0x3b0 [ 51.910293][ T5024] free_contig_range+0xb6/0x190 [ 51.915136][ T5024] destroy_args+0x686/0x940 [ 51.919657][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 51.924681][ T5024] do_one_initcall+0x117/0x630 [ 51.929446][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 51.934649][ T5024] kernel_init+0x1c/0x2a0 [ 51.938970][ T5024] ret_from_fork+0x2c/0x70 [ 51.943377][ T5024] ret_from_fork_asm+0x11/0x20 [ 51.948145][ T5024] [ 51.950455][ T5024] Memory state around the buggy address: [ 51.956071][ T5024] ffff888075798d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.964667][ T5024] ffff888075798e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.972717][ T5024] >ffff888075798e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 51.980759][ T5024] ^ [ 51.988451][ T5024] ffff888075798f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 6 [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe00000 [pid 5083] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} => {parent_tid=[5103]}, 88) = 5103 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5100] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5084] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 51.996583][ T5024] ffff888075798f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.004637][ T5024] ================================================================== [ 52.013558][ T5024] ================================================================== [ 52.021694][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_bitmap_blkoff+0x11c/0x140 [ 52.030385][ T5024] Read of size 1 at addr ffff888075798ef2 by task syz-executor105/5024 [ 52.038632][ T5024] [ 52.040956][ T5024] CPU: 0 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 52.042961][ T5022] NILFS (loop0): discard dirty page: offset=192512, ino=18 [ 52.052832][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 52.052844][ T5024] Call Trace: [ 52.052850][ T5024] [ 52.052855][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 52.052879][ T5024] print_report+0xc4/0x620 [ 52.065725][ T5022] NILFS (loop0): discard dirty block: blocknr=0, size=4096 [ 52.070102][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 52.070130][ T5024] ? __phys_addr+0xc6/0x140 [ 52.070151][ T5024] kasan_report+0xda/0x110 [ 52.070174][ T5024] ? nilfs_palloc_bitmap_blkoff+0x11c/0x140 [ 52.080546][ T5022] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 52.080937][ T5024] ? nilfs_palloc_bitmap_blkoff+0x11c/0x140 [ 52.085480][ T5022] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 52.092492][ T5024] nilfs_palloc_bitmap_blkoff+0x11c/0x140 [ 52.092522][ T5024] nilfs_palloc_get_entry_block+0xf9/0x1b0 [ 52.092553][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 52.092578][ T5024] nilfs_load_inode_block+0x179/0x300 [ 52.110737][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 52.112323][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 52.130967][ T5022] NILFS (loop0): discard dirty block: blocknr=27, size=4096 [ 52.132355][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 52.146288][ T5022] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 52.149513][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 52.154853][ T5022] NILFS (loop0): discard dirty block: blocknr=28, size=4096 [ 52.161498][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 52.161520][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 52.161538][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 52.167487][ T5022] NILFS (loop0): discard dirty page: offset=4096, ino=3 [ 52.174236][ T5024] ? find_held_lock+0x2d/0x110 [ 52.179507][ T5022] NILFS (loop0): discard dirty block: blocknr=29, size=4096 [ 52.186045][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 52.191928][ T5022] NILFS (loop0): discard dirty page: offset=270336, ino=3 [ 52.198912][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 52.198943][ T5024] iput.part.0+0x5b/0x7a0 [ 52.204119][ T5022] NILFS (loop0): discard dirty block: blocknr=0, size=4096 [ 52.208919][ T5024] iput+0x5c/0x80 [ 52.208942][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 52.270615][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 52.276679][ T5024] ? up_write+0x1b3/0x510 [ 52.280996][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 52.286448][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 52.291808][ T5024] ? find_rule+0x370/0x370 [ 52.296393][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 52.302276][ T5024] ? dispose_list+0x1e0/0x1e0 [ 52.307030][ T5024] nilfs_put_super+0x43/0x1b0 [ 52.311698][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 52.316188][ T5024] generic_shutdown_super+0x158/0x480 [ 52.321646][ T5024] kill_block_super+0x64/0xb0 [ 52.326323][ T5024] deactivate_locked_super+0x9a/0x170 [ 52.331684][ T5024] deactivate_super+0xde/0x100 [ 52.336432][ T5024] cleanup_mnt+0x222/0x3d0 [ 52.340842][ T5024] task_work_run+0x14d/0x240 [ 52.345428][ T5024] ? task_work_cancel+0x30/0x30 [ 52.350271][ T5024] ptrace_notify+0x10c/0x130 [ 52.354849][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 52.361278][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 52.366680][ T5024] do_syscall_64+0x44/0xb0 [ 52.371081][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.376983][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 52.381387][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 52.401075][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 52.409472][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 52.417603][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 52.425558][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 52.433556][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 52.441597][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 52.449562][ T5024] [ 52.452569][ T5024] [ 52.454877][ T5024] Allocated by task 5076: [ 52.459182][ T5024] kasan_save_stack+0x33/0x50 [ 52.463851][ T5024] kasan_set_track+0x25/0x30 [ 52.468453][ T5024] __kasan_slab_alloc+0x81/0x90 [ 52.473299][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 52.478487][ T5024] nilfs_alloc_inode+0x26/0x150 [ 52.483324][ T5024] alloc_inode+0x5d/0x220 [ 52.487646][ T5024] iget5_locked+0x63/0xe0 [ 52.491961][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 52.496706][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 52.501457][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 52.506921][ T5024] nilfs_mount+0xafd/0x1120 [ 52.511414][ T5024] legacy_get_tree+0x109/0x220 [ 52.516200][ T5024] vfs_get_tree+0x88/0x350 [ 52.520613][ T5024] path_mount+0x1492/0x1ed0 [ 52.525103][ T5024] __x64_sys_mount+0x293/0x310 [ 52.529876][ T5024] do_syscall_64+0x38/0xb0 [ 52.534278][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.540152][ T5024] [ 52.542456][ T5024] Freed by task 4668: [ 52.546501][ T5024] kasan_save_stack+0x33/0x50 [ 52.551168][ T5024] kasan_set_track+0x25/0x30 [ 52.555746][ T5024] kasan_save_free_info+0x2b/0x40 [ 52.560769][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 52.565873][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 52.571317][ T5024] kmem_cache_free+0xf0/0x490 [ 52.575982][ T5024] i_callback+0x43/0x70 [ 52.580122][ T5024] rcu_core+0x7fb/0x1bb0 [ 52.584363][ T5024] __do_softirq+0x218/0x965 [ 52.588864][ T5024] [ 52.591267][ T5024] Last potentially related work creation: [ 52.596960][ T5024] kasan_save_stack+0x33/0x50 [ 52.601628][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 52.606992][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 52.612871][ T5024] destroy_inode+0x129/0x1b0 [ 52.617449][ T5024] iput.part.0+0x55e/0x7a0 [ 52.621854][ T5024] iput+0x5c/0x80 [ 52.625474][ T5024] nilfs_put_root+0xae/0xe0 [ 52.629962][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 52.635408][ T5024] nilfs_put_super+0x43/0x1b0 [ 52.640075][ T5024] generic_shutdown_super+0x158/0x480 [ 52.645521][ T5024] kill_block_super+0x64/0xb0 [ 52.650181][ T5024] deactivate_locked_super+0x9a/0x170 [ 52.655535][ T5024] deactivate_super+0xde/0x100 [ 52.660285][ T5024] cleanup_mnt+0x222/0x3d0 [ 52.664696][ T5024] task_work_run+0x14d/0x240 [ 52.669282][ T5024] ptrace_notify+0x10c/0x130 [ 52.673854][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 52.680182][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 52.685723][ T5024] do_syscall_64+0x44/0xb0 [ 52.690143][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.696018][ T5024] [ 52.698333][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 52.698333][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 52.713066][ T5024] The buggy address is located 546 bytes inside of [ 52.713066][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 52.726969][ T5024] [ 52.729275][ T5024] The buggy address belongs to the physical page: [ 52.735750][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 52.745885][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 52.754801][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 52.762763][ T5024] page_type: 0xffffffff() [ 52.767075][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 52.775644][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 52.784206][ T5024] page dumped because: kasan: bad access detected [ 52.790621][ T5024] page_owner tracks the page as allocated [ 52.796404][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 52.818985][ T5024] post_alloc_hook+0x2d2/0x350 [ 52.823752][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 52.829310][ T5024] __alloc_pages+0x1d0/0x4a0 [ 52.833891][ T5024] alloc_pages+0x1a9/0x270 [ 52.838303][ T5024] allocate_slab+0x24e/0x380 [ 52.842880][ T5024] ___slab_alloc+0x8bc/0x1570 [ 52.847542][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 52.852903][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 52.858100][ T5024] nilfs_alloc_inode+0x26/0x150 [ 52.862941][ T5024] alloc_inode+0x5d/0x220 [ 52.867262][ T5024] iget5_locked+0x63/0xe0 [ 52.871577][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 52.876326][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 52.881168][ T5024] load_nilfs+0x669/0x12d0 [ 52.885566][ T5024] nilfs_mount+0xa8c/0x1120 [ 52.890058][ T5024] legacy_get_tree+0x109/0x220 [ 52.894836][ T5024] page last free stack trace: [ 52.899487][ T5024] free_unref_page_prepare+0x508/0xb90 [ 52.904936][ T5024] free_unref_page+0x33/0x3b0 [ 52.909603][ T5024] free_contig_range+0xb6/0x190 [ 52.914441][ T5024] destroy_args+0x686/0x940 [ 52.919036][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 52.924052][ T5024] do_one_initcall+0x117/0x630 [ 52.928809][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 52.933996][ T5024] kernel_init+0x1c/0x2a0 [ 52.938316][ T5024] ret_from_fork+0x2c/0x70 [ 52.942725][ T5024] ret_from_fork_asm+0x11/0x20 [ 52.947487][ T5024] [ 52.949791][ T5024] Memory state around the buggy address: [ 52.955398][ T5024] ffff888075798d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.963448][ T5024] ffff888075798e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.971490][ T5024] >ffff888075798e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.979533][ T5024] ^ [ 52.987228][ T5024] ffff888075798f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 52.995354][ T5024] ffff888075798f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ./strace-static-x86_64: Process 5103 attached [pid 5101] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5100] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 5099] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... mount resumed>) = 0 [pid 5089] <... sendfile resumed>) = 368640 [pid 5087] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5090] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] kill(-5083, SIGKILL [pid 5023] kill(-5084, SIGKILL [pid 5090] <... futex resumed>) = 0 [pid 5025] <... kill resumed>) = 0 [pid 5023] <... kill resumed>) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5025] kill(5083, SIGKILL [pid 5023] kill(5084, SIGKILL [pid 5090] <... mmap resumed>) = 0x7f0e6fe21000 [pid 5025] <... kill resumed>) = 0 [pid 5023] <... kill resumed>) = 0 [pid 5090] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5105]}, 88) = 5105 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = ? [pid 5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5099] +++ killed by SIGKILL +++ [pid 5101] +++ killed by SIGKILL +++ [pid 5087] +++ killed by SIGKILL +++ [pid 5091] <... openat resumed>) = 3 [pid 5089] +++ killed by SIGKILL +++ [pid 5103] +++ killed by SIGKILL +++ [pid 5083] +++ killed by SIGKILL +++ [pid 5091] chdir("./file1" [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5083, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5025] restart_syscall(<... resuming interrupted kill ...>) = 0 [pid 5025] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5100] +++ killed by SIGKILL +++ [pid 5091] <... chdir resumed>) = 0 [pid 5084] +++ killed by SIGKILL +++ [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5091] ioctl(4, LOOP_CLR_FD [pid 5025] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5023] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5084, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5091] <... ioctl resumed>) = 0 [pid 5025] <... openat resumed>) = 3 [pid 5023] restart_syscall(<... resuming interrupted kill ...> [pid 5091] close(4 [pid 5025] newfstatat(3, "", [pid 5091] <... close resumed>) = 0 [pid 5025] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] <... restart_syscall resumed>) = 0 [pid 5025] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5025] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5025] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5023] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5025] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] <... openat resumed>) = 3 [pid 5025] unlink("./2/binderfs" [pid 5023] newfstatat(3, "", [pid 5025] <... unlink resumed>) = 0 [pid 5023] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5023] getdents64(3, [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5091] <... futex resumed>) = 0 [pid 5023] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5091] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5023] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] unlink("./2/binderfs") = 0 [ 53.003481][ T5024] ================================================================== [ 53.024761][ T5025] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 53.046073][ T5025] NILFS (loop3): discard dirty page: offset=8192, ino=6 [pid 5023] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5105 attached [pid 5096] <... mount resumed>) = 0 [ 53.049781][ T5104] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.053863][ T5025] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 53.064443][ T5024] ================================================================== [ 53.079292][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_bitmap_blkoff+0x134/0x140 [ 53.087999][ T5024] Read of size 8 at addr ffff8880757992b0 by task syz-executor105/5024 [ 53.090101][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 53.096225][ T5024] [pid 5105] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053 [pid 5096] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... umount2 resumed>) = 0 [pid 5023] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5023] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5023] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5023] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5023] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5023] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5023] close(4) = 0 [pid 5023] rmdir("./2/file1") = 0 [pid 5023] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5023] close(3) = 0 [pid 5023] rmdir("./2") = 0 [pid 5023] mkdir("./3", 0777) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5023] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5023] close(3) = 0 [pid 5023] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5106 ./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5106] chdir("./3") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5106] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5107]}, 88) = 5107 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] <... openat resumed>) = 3 [pid 5096] chdir("./file1") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5091] <... open resumed>) = 4 [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] ftruncate(4, 33587195 [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... ftruncate resumed>) = 0 [ 53.096231][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 53.096252][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 53.096263][ T5024] Call Trace: [ 53.096268][ T5024] [ 53.104270][ T5025] NILFS (loop3): discard dirty block: blocknr=27, size=4096 [ 53.105211][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 53.126019][ T5091] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] sendfile(-1, 4, NULL, 281474978811909 [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... sendfile resumed>) = -1 EBADF (Bad file descriptor) [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... openat resumed>) = 5 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [ 53.127101][ T5024] print_report+0xc4/0x620 [ 53.127131][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 53.130911][ T5091] Remounting filesystem read-only [ 53.133303][ T5024] ? __phys_addr+0xc6/0x140 [ 53.144379][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 53.145215][ T5024] kasan_report+0xda/0x110 [ 53.145243][ T5024] ? nilfs_palloc_bitmap_blkoff+0x134/0x140 [ 53.154263][ T5025] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 53.158008][ T5024] ? nilfs_palloc_bitmap_blkoff+0x134/0x140 [ 53.158045][ T5024] nilfs_palloc_bitmap_blkoff+0x134/0x140 [ 53.163693][ T5025] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 53.168033][ T5024] nilfs_palloc_get_entry_block+0xf9/0x1b0 [ 53.168063][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 53.168089][ T5024] nilfs_load_inode_block+0x179/0x300 [ 53.168108][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 53.168126][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 53.168144][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 53.168167][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 53.168184][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 53.168202][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 53.168226][ T5024] ? find_held_lock+0x2d/0x110 [ 53.168247][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 53.168264][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 53.168289][ T5024] iput.part.0+0x5b/0x7a0 [ 53.175766][ T5025] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [ 53.180042][ T5024] iput+0x5c/0x80 [ 53.180066][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 53.185229][ T5025] NILFS (loop3): discard dirty page: offset=270336, ino=3 [ 53.190410][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 53.190441][ T5024] ? up_write+0x1b3/0x510 [ 53.198281][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [ 53.203569][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 53.266324][ T26] audit: type=1800 audit(1691305907.782:2): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor105" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 53.269851][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 53.277706][ T5109] loop3: detected capacity change from 0 to 4096 [ 53.280038][ T5024] ? find_rule+0x370/0x370 [ 53.289451][ T5109] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 53.291697][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 53.296586][ T5109] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 53.300345][ T5024] ? dispose_list+0x1e0/0x1e0 [ 53.300373][ T5024] nilfs_put_super+0x43/0x1b0 [ 53.401276][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 53.405774][ T5024] generic_shutdown_super+0x158/0x480 [ 53.411133][ T5024] kill_block_super+0x64/0xb0 [ 53.415804][ T5024] deactivate_locked_super+0x9a/0x170 [ 53.421168][ T5024] deactivate_super+0xde/0x100 [ 53.425919][ T5024] cleanup_mnt+0x222/0x3d0 [ 53.430331][ T5024] task_work_run+0x14d/0x240 [ 53.434913][ T5024] ? task_work_cancel+0x30/0x30 [ 53.439761][ T5024] ptrace_notify+0x10c/0x130 [ 53.444335][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 53.450657][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 53.456024][ T5024] do_syscall_64+0x44/0xb0 [ 53.460423][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.466389][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 53.470804][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 53.490401][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 53.498813][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 53.506769][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 53.514720][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 53.522681][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 53.530639][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 53.538602][ T5024] [ 53.541623][ T5024] [ 53.543925][ T5024] Allocated by task 5076: [ 53.548230][ T5024] kasan_save_stack+0x33/0x50 [ 53.552896][ T5024] kasan_set_track+0x25/0x30 [ 53.557474][ T5024] __kasan_slab_alloc+0x81/0x90 [ 53.562319][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 53.567523][ T5024] nilfs_alloc_inode+0x26/0x150 [ 53.572534][ T5024] alloc_inode+0x5d/0x220 [ 53.576850][ T5024] iget5_locked+0x63/0xe0 [ 53.581301][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 53.586065][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 53.590823][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 53.596267][ T5024] nilfs_mount+0xafd/0x1120 [ 53.600755][ T5024] legacy_get_tree+0x109/0x220 [ 53.605505][ T5024] vfs_get_tree+0x88/0x350 [ 53.609908][ T5024] path_mount+0x1492/0x1ed0 [ 53.614399][ T5024] __x64_sys_mount+0x293/0x310 [ 53.619148][ T5024] do_syscall_64+0x38/0xb0 [ 53.623548][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.629430][ T5024] [ 53.631735][ T5024] Freed by task 4668: [ 53.635889][ T5024] kasan_save_stack+0x33/0x50 [ 53.640555][ T5024] kasan_set_track+0x25/0x30 [ 53.645135][ T5024] kasan_save_free_info+0x2b/0x40 [ 53.650151][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 53.655338][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 53.660782][ T5024] kmem_cache_free+0xf0/0x490 [ 53.665450][ T5024] i_callback+0x43/0x70 [ 53.669591][ T5024] rcu_core+0x7fb/0x1bb0 [ 53.673818][ T5024] __do_softirq+0x218/0x965 [ 53.678315][ T5024] [ 53.680646][ T5024] Last potentially related work creation: [ 53.686339][ T5024] kasan_save_stack+0x33/0x50 [ 53.691003][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 53.696368][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 53.702251][ T5024] destroy_inode+0x129/0x1b0 [ 53.706827][ T5024] iput.part.0+0x55e/0x7a0 [ 53.711273][ T5024] iput+0x5c/0x80 [ 53.714892][ T5024] nilfs_put_root+0xae/0xe0 [ 53.719382][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 53.724832][ T5024] nilfs_put_super+0x43/0x1b0 [ 53.729573][ T5024] generic_shutdown_super+0x158/0x480 [ 53.734930][ T5024] kill_block_super+0x64/0xb0 [ 53.739598][ T5024] deactivate_locked_super+0x9a/0x170 [ 53.744956][ T5024] deactivate_super+0xde/0x100 [ 53.749704][ T5024] cleanup_mnt+0x222/0x3d0 [ 53.754115][ T5024] task_work_run+0x14d/0x240 [ 53.758722][ T5024] ptrace_notify+0x10c/0x130 [ 53.763300][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 53.769621][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 53.774983][ T5024] do_syscall_64+0x44/0xb0 [ 53.779384][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.785262][ T5024] [ 53.787572][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 53.787572][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 53.802388][ T5024] The buggy address is located 1504 bytes inside of [ 53.802388][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 53.816786][ T5024] [ 53.819106][ T5024] The buggy address belongs to the physical page: [ 53.826738][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 53.837483][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 53.846409][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 53.856302][ T5024] page_type: 0xffffffff() [ 53.860616][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 53.869287][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 53.877854][ T5024] page dumped because: kasan: bad access detected [ 53.884246][ T5024] page_owner tracks the page as allocated [ 53.889954][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 53.912520][ T5024] post_alloc_hook+0x2d2/0x350 [ 53.917281][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 53.922819][ T5024] __alloc_pages+0x1d0/0x4a0 [ 53.927401][ T5024] alloc_pages+0x1a9/0x270 [ 53.931806][ T5024] allocate_slab+0x24e/0x380 [ 53.936383][ T5024] ___slab_alloc+0x8bc/0x1570 [ 53.941134][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 53.946497][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 53.951682][ T5024] nilfs_alloc_inode+0x26/0x150 [ 53.956516][ T5024] alloc_inode+0x5d/0x220 [ 53.960831][ T5024] iget5_locked+0x63/0xe0 [ 53.965152][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 53.969905][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 53.974746][ T5024] load_nilfs+0x669/0x12d0 [ 53.979148][ T5024] nilfs_mount+0xa8c/0x1120 [ 53.983633][ T5024] legacy_get_tree+0x109/0x220 [ 53.988382][ T5024] page last free stack trace: [ 53.993031][ T5024] free_unref_page_prepare+0x508/0xb90 [ 53.998486][ T5024] free_unref_page+0x33/0x3b0 [ 54.003152][ T5024] free_contig_range+0xb6/0x190 [ 54.008007][ T5024] destroy_args+0x686/0x940 [ 54.012502][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 54.017515][ T5024] do_one_initcall+0x117/0x630 [ 54.022274][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 54.027460][ T5024] kernel_init+0x1c/0x2a0 [ 54.031783][ T5024] ret_from_fork+0x2c/0x70 [ 54.036210][ T5024] ret_from_fork_asm+0x11/0x20 [ 54.040970][ T5024] [ 54.043278][ T5024] Memory state around the buggy address: [ 54.048885][ T5024] ffff888075799180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] lseek(5, 257, SEEK_SET) = 257 [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] getdents64(5, 0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 5091] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5091] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] kill(-5090, SIGKILL [pid 5091] <... futex resumed>) = ? [pid 5091] +++ killed by SIGKILL +++ [pid 5026] <... kill resumed>) = 0 [pid 5026] kill(5090, SIGKILL) = 0 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./2/file1") = 0 [pid 5025] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./2") = 0 [pid 5025] mkdir("./3", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5108] chdir("./3") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5108] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5109]}, 88) = 5109 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5109 attached [pid 5109] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5109] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 5109] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5095] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file1", 0777) = 0 [pid 5109] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5105] <... rseq resumed>) = ? [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5095] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] +++ killed by SIGKILL +++ [pid 5095] <... futex resumed>) = 0 [pid 5090] +++ killed by SIGKILL +++ [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5095] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE [pid 5096] <... open resumed>) = 4 [pid 5095] <... mprotect resumed>) = 0 [pid 5096] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5096] <... futex resumed>) = 0 [pid 5095] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5096] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5111]}, 88) = 5111 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5111] set_robust_list(0x7f0e6fe419a0, 24 [pid 5095] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... set_robust_list resumed>) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 5111] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5111] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5096] ftruncate(5, 33587195 [pid 5095] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... ftruncate resumed>) = 0 [pid 5096] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5096] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5096] sendfile(4, 5, NULL, 281474978811909 [pid 5095] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5090, si_uid=0, si_status=SIGKILL, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- [pid 5026] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5026] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 54.056932][ T5024] ffff888075799200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.064975][ T5024] >ffff888075799280: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 54.073018][ T5024] ^ [ 54.078630][ T5024] ffff888075799300: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 54.086677][ T5024] ffff888075799380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.094721][ T5024] ================================================================== [pid 5026] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5026] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] unlink("./2/binderfs") = 0 [pid 5026] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5107] memfd_create("syzkaller", 0) = 3 [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5109] <... mount resumed>) = 0 [pid 5109] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file1") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5022] <... umount2 resumed>) = 0 [pid 5109] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5022] newfstatat(AT_FDCWD, "./2/file1", [pid 5095] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5111] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5022] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5095] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 6 [pid 5022] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5111] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5111] <... futex resumed>) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5111] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5022] <... openat resumed>) = 4 [pid 5095] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] <... futex resumed>) = 0 [pid 5022] newfstatat(4, "", [pid 5111] lseek(6, 257, SEEK_SET [pid 5095] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... lseek resumed>) = 257 [pid 5022] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5111] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] getdents64(4, [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5095] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... getdents64 resumed>0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5111] getdents64(6, [pid 5095] <... futex resumed>) = 0 [pid 5026] <... umount2 resumed>) = 0 [ 54.144886][ T5110] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 54.148378][ T5049] udevd[5049]: incorrect nilfs2 checksum on /dev/loop3 [pid 5022] getdents64(4, [pid 5095] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5026] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5026] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5026] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5022] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5022] close(4) = 0 [pid 5022] rmdir("./2/file1" [pid 5026] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5022] <... rmdir resumed>) = 0 [pid 5022] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5022] close(3 [pid 5026] getdents64(4, [pid 5022] <... close resumed>) = 0 [pid 5022] rmdir("./2" [pid 5026] <... getdents64 resumed>0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5022] <... rmdir resumed>) = 0 [pid 5022] mkdir("./3", 0777 [pid 5026] close(4 [pid 5022] <... mkdir resumed>) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5026] <... close resumed>) = 0 [pid 5022] <... openat resumed>) = 3 [pid 5022] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5022] close(3) = 0 [pid 5026] rmdir("./2/file1") = 0 [pid 5026] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5026] close(3) = 0 [pid 5026] rmdir("./2") = 0 [pid 5022] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] mkdir("./3", 0777) = 0 [pid 5026] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5022] <... clone resumed>, child_tidptr=0x5555568c8690) = 5112 [pid 5026] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5026] close(3) = 0 [pid 5026] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5026] <... clone resumed>, child_tidptr=0x5555568c8690) = 5113 [pid 5109] <... open resumed>) = 4 [pid 5109] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5113 attached [pid 5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] set_robust_list(0x5555568c86a0, 24 [pid 5109] <... open resumed>) = 5 [pid 5113] <... set_robust_list resumed>) = 0 [pid 5109] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] chdir("./3" [pid 5109] <... futex resumed>) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5113] <... chdir resumed>) = 0 [pid 5109] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5112 attached [pid 5113] <... prctl resumed>) = 0 [pid 5109] ftruncate(5, 33587195 [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, [pid 5109] <... ftruncate resumed>) = 0 [pid 5113] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5112] set_robust_list(0x5555568c86a0, 24 [pid 5109] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5112] <... set_robust_list resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] chdir("./3" [pid 5109] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] <... futex resumed>) = 0 [pid 5113] <... mmap resumed>) = 0x7f0e78042000 [pid 5109] sendfile(4, 5, NULL, 281474978811909 [ 54.190439][ T5111] NILFS error (device loop5): nilfs_readdir: zero-length directory entry [pid 5108] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE [pid 5112] <... chdir resumed>) = 0 [pid 5113] <... mprotect resumed>) = 0 [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5114]}, 88) = 5114 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5107] <... write resumed>) = 2097152 [pid 5107] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5107] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 ./strace-static-x86_64: Process 5114 attached [pid 5107] ioctl(4, LOOP_SET_FD, 3 [pid 5114] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5107] <... ioctl resumed>) = 0 [pid 5107] close(3) = 0 [pid 5107] mkdir("./file1", 0777 [pid 5108] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5108] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5108] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5115]}, 88) = 5115 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 54.252928][ T5024] ================================================================== [ 54.261031][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_bitmap_blkoff+0x12d/0x140 [ 54.265201][ T5107] loop1: detected capacity change from 0 to 4096 [ 54.269751][ T5024] Read of size 8 at addr ffff88802b585cc8 by task syz-executor105/5024 [ 54.269768][ T5024] [ 54.269773][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [pid 5108] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... mkdir resumed>) = 0 [ 54.269795][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 54.302138][ T5107] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 54.308551][ T5024] Call Trace: [ 54.308558][ T5024] [ 54.308565][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 54.308588][ T5024] print_report+0xc4/0x620 [ 54.308612][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 54.308634][ T5024] ? __phys_addr+0xc6/0x140 [ 54.308656][ T5024] kasan_report+0xda/0x110 [ 54.308679][ T5024] ? nilfs_palloc_bitmap_blkoff+0x12d/0x140 [ 54.308704][ T5024] ? nilfs_palloc_bitmap_blkoff+0x12d/0x140 [ 54.331498][ T5115] NILFS error (device loop3): nilfs_readdir: zero-length directory entry [ 54.333423][ T5024] nilfs_palloc_bitmap_blkoff+0x12d/0x140 [ 54.358142][ T5115] Remounting filesystem read-only [ 54.359068][ T5024] nilfs_palloc_get_entry_block+0xf9/0x1b0 [ 54.379959][ T5114] loop4: detected capacity change from 0 to 4096 [ 54.384059][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 54.396201][ T5024] nilfs_load_inode_block+0x179/0x300 [ 54.401590][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 54.407041][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 54.412143][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 54.417767][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 54.422707][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 54.427803][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 54.433164][ T5024] ? find_held_lock+0x2d/0x110 [ 54.437912][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 54.443017][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 54.448038][ T5024] iput.part.0+0x5b/0x7a0 [ 54.452360][ T5024] iput+0x5c/0x80 [ 54.455982][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 54.460997][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 54.466974][ T5024] ? up_write+0x1b3/0x510 [ 54.471312][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 54.476771][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 54.482152][ T5024] ? find_rule+0x370/0x370 [ 54.486563][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 54.492444][ T5024] ? dispose_list+0x1e0/0x1e0 [ 54.497128][ T5024] nilfs_put_super+0x43/0x1b0 [ 54.501793][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 54.506280][ T5024] generic_shutdown_super+0x158/0x480 [ 54.511638][ T5024] kill_block_super+0x64/0xb0 [ 54.516299][ T5024] deactivate_locked_super+0x9a/0x170 [ 54.521654][ T5024] deactivate_super+0xde/0x100 [ 54.526402][ T5024] cleanup_mnt+0x222/0x3d0 [ 54.530812][ T5024] task_work_run+0x14d/0x240 [ 54.535399][ T5024] ? task_work_cancel+0x30/0x30 [ 54.540244][ T5024] ptrace_notify+0x10c/0x130 [ 54.544825][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 54.551160][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 54.556527][ T5024] do_syscall_64+0x44/0xb0 [ 54.560937][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.566816][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 54.571217][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 54.591006][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 54.599405][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 54.607364][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 54.615321][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 54.623275][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 54.631260][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 54.639262][ T5024] [ 54.642284][ T5024] [ 54.644604][ T5024] Allocated by task 5076: [ 54.648910][ T5024] kasan_save_stack+0x33/0x50 [ 54.653578][ T5024] kasan_set_track+0x25/0x30 [ 54.658244][ T5024] __kasan_kmalloc+0xa2/0xb0 [ 54.662827][ T5024] __kmalloc+0x5d/0x100 [ 54.666992][ T5024] nilfs_mdt_init+0x2f/0x1e0 [ 54.671571][ T5024] nilfs_ifile_read+0xc9/0x1b0 [ 54.676408][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 54.681882][ T5024] nilfs_mount+0xafd/0x1120 [ 54.686389][ T5024] legacy_get_tree+0x109/0x220 [ 54.691142][ T5024] vfs_get_tree+0x88/0x350 [ 54.695544][ T5024] path_mount+0x1492/0x1ed0 [ 54.700031][ T5024] __x64_sys_mount+0x293/0x310 [ 54.704779][ T5024] do_syscall_64+0x38/0xb0 [ 54.709179][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.715056][ T5024] [ 54.717539][ T5024] Freed by task 4668: [ 54.721498][ T5024] kasan_save_stack+0x33/0x50 [ 54.726168][ T5024] kasan_set_track+0x25/0x30 [ 54.730756][ T5024] kasan_save_free_info+0x2b/0x40 [ 54.735771][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 54.740867][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 54.746310][ T5024] __kmem_cache_free+0xb8/0x2f0 [ 54.751149][ T5024] nilfs_free_inode+0x42/0x70 [ 54.755809][ T5024] i_callback+0x43/0x70 [ 54.759965][ T5024] rcu_core+0x7fb/0x1bb0 [ 54.764206][ T5024] __do_softirq+0x218/0x965 [ 54.768704][ T5024] [ 54.771011][ T5024] The buggy address belongs to the object at ffff88802b585c00 [ 54.771011][ T5024] which belongs to the cache kmalloc-512 of size 512 [ 54.785043][ T5024] The buggy address is located 200 bytes inside of [ 54.785043][ T5024] freed 512-byte region [ffff88802b585c00, ffff88802b585e00) [ 54.798996][ T5024] [ 54.801389][ T5024] The buggy address belongs to the physical page: [ 54.807775][ T5024] page:ffffea0000ad6100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b584 [ 54.817990][ T5024] head:ffffea0000ad6100 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 54.826949][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 54.834906][ T5024] page_type: 0xffffffff() [ 54.839221][ T5024] raw: 00fff00000010200 ffff888012841c80 ffffea000060c900 dead000000000002 [ 54.847790][ T5024] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 54.856356][ T5024] page dumped because: kasan: bad access detected [ 54.862775][ T5024] page_owner tracks the page as allocated [ 54.868466][ T5024] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4490, tgid 4490 (udevadm), ts 14413457908, free_ts 14394869291 [ 54.889379][ T5024] post_alloc_hook+0x2d2/0x350 [ 54.894139][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 54.899767][ T5024] __alloc_pages+0x1d0/0x4a0 [ 54.904345][ T5024] alloc_pages+0x1a9/0x270 [ 54.908748][ T5024] allocate_slab+0x24e/0x380 [ 54.913348][ T5024] ___slab_alloc+0x8bc/0x1570 [ 54.918011][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 54.923370][ T5024] __kmem_cache_alloc_node+0x137/0x350 [ 54.928832][ T5024] kmalloc_trace+0x25/0xe0 [ 54.933238][ T5024] kernfs_fop_open+0x318/0xe00 [ 54.937994][ T5024] do_dentry_open+0x88b/0x1780 [ 54.942758][ T5024] path_openat+0x19af/0x29c0 [ 54.947402][ T5024] do_filp_open+0x1de/0x430 [ 54.951894][ T5024] do_sys_openat2+0x176/0x1e0 [ 54.956561][ T5024] __x64_sys_openat+0x175/0x210 [ 54.961411][ T5024] do_syscall_64+0x38/0xb0 [ 54.965815][ T5024] page last free stack trace: [ 54.970465][ T5024] free_unref_page_prepare+0x508/0xb90 [ 54.975912][ T5024] free_unref_page+0x33/0x3b0 [ 54.980575][ T5024] __unfreeze_partials+0x21d/0x240 [ 54.985674][ T5024] qlist_free_all+0x6a/0x170 [ 54.990256][ T5024] kasan_quarantine_reduce+0x18b/0x1d0 [ 54.995699][ T5024] __kasan_slab_alloc+0x65/0x90 [ 55.000545][ T5024] kmem_cache_alloc+0x172/0x3b0 [ 55.005380][ T5024] vm_area_dup+0x21/0x2f0 [ 55.009695][ T5024] __split_vma+0x1a8/0x830 [ 55.014095][ T5024] split_vma+0xc8/0x110 [ 55.018238][ T5024] mprotect_fixup+0x784/0xbf0 [ 55.022901][ T5024] do_mprotect_pkey+0x852/0xd60 [ 55.027737][ T5024] __x64_sys_mprotect+0x78/0xb0 [ 55.032600][ T5024] do_syscall_64+0x38/0xb0 [ 55.037033][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.042913][ T5024] [ 55.045215][ T5024] Memory state around the buggy address: [ 55.050825][ T5024] ffff88802b585b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.058952][ T5024] ffff88802b585c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.067010][ T5024] >ffff88802b585c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.075050][ T5024] ^ [ 55.081534][ T5024] ffff88802b585d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.089576][ T5024] ffff88802b585d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.097613][ T5024] ================================================================== [pid 5107] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5095] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe00000 [pid 5095] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] kill(-5095, SIGKILL) = 0 [pid 5028] kill(5095, SIGKILL) = 0 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 5115 attached [pid 5115] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5115] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY) = 6 [pid 5115] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5115] lseek(6, 257, SEEK_SET [pid 5108] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... lseek resumed>) = 257 [pid 5108] <... futex resumed>) = 0 [pid 5115] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] getdents64(6, [pid 5108] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... write resumed>) = 2097152 [pid 5114] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3 [pid 5108] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5108] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe00000 [pid 5108] mprotect(0x7f0e6fe01000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe20990, parent_tid=0x7f0e6fe20990, exit_signal=0, stack=0x7f0e6fe00000, stack_size=0x20300, tls=0x7f0e6fe206c0} => {parent_tid=[5116]}, 88) = 5116 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f0e7812e6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f0e7812e6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... sendfile resumed>) = 368640 [pid 5109] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f0e7812e6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5116 attached [pid 5116] rseq(0x7f0e6fe20fe0, 0x20, 0, 0x53053053) = 0 [pid 5116] set_robust_list(0x7f0e6fe209a0, 24) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 ENOSPC (No space left on device) [pid 5116] futex(0x7f0e7812e6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5116] futex(0x7f0e7812e6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] <... sendfile resumed>) = ? [pid 5112] <... prctl resumed>) = 0 [pid 5096] +++ killed by SIGKILL +++ [pid 5112] setpgid(0, 0) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5112] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5112] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5117]}, 88) = 5117 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] <... getdents64 resumed>0x9999999999999999, 41) = -1 EIO (Input/output error) [pid 5115] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f0e7812e6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5117 attached [pid 5117] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5117] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] <... getdents64 resumed> ) = ? [pid 5108] exit_group(0 [pid 5117] memfd_create("syzkaller", 0 [pid 5108] <... exit_group resumed>) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5109] <... futex resumed>) = ? [pid 5117] <... memfd_create resumed>) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [pid 5109] +++ exited with 0 +++ [pid 5116] <... futex resumed>) = ? [pid 5114] <... ioctl resumed>) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file1", 0777 [pid 5116] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5025] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5114] <... mkdir resumed>) = 0 [pid 5025] getdents64(3, [pid 5114] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5025] <... getdents64 resumed>0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5025] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] unlink("./3/binderfs") = 0 [pid 5025] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5111] +++ killed by SIGKILL +++ [pid 5095] +++ killed by SIGKILL +++ [ 55.108745][ T5111] Remounting filesystem read-only [ 55.127790][ T5025] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 55.128361][ T5114] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 55.141758][ T5025] NILFS (loop3): discard dirty page: offset=8192, ino=6 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5095, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5028] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5028] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5028] getdents64(3, 0x5555568c9730 /* 4 entries */, 32768) = 112 [pid 5028] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5117] <... write resumed>) = 2097152 [pid 5117] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3 [pid 5028] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5117] <... ioctl resumed>) = 0 [pid 5117] close(3 [pid 5028] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5028] unlink("./2/binderfs") = 0 [pid 5028] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5117] <... close resumed>) = 0 [ 55.153879][ T5025] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 55.164645][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=5 [ 55.167601][ T5117] loop0: detected capacity change from 0 to 4096 [ 55.172219][ T5025] NILFS (loop3): discard dirty block: blocknr=27, size=4096 [ 55.185720][ T5114] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 55.187815][ T5025] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 55.198731][ T5024] ================================================================== [ 55.203095][ T5028] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer [ 55.210088][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_bitmap_blkoff+0x126/0x140 [ 55.210119][ T5024] Read of size 8 at addr ffff88802b585cc0 by task syz-executor105/5024 [ 55.210134][ T5024] [ 55.210138][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 55.210158][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 55.210168][ T5024] Call Trace: [ 55.210172][ T5024] [ 55.210178][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 55.210199][ T5024] print_report+0xc4/0x620 [ 55.219095][ T5025] NILFS (loop3): discard dirty block: blocknr=28, size=4096 [ 55.227567][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 55.227593][ T5024] ? __phys_addr+0xc6/0x140 [ 55.237556][ T5028] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 55.238216][ T5024] kasan_report+0xda/0x110 [ 55.303422][ T5024] ? nilfs_palloc_bitmap_blkoff+0x126/0x140 [ 55.309318][ T5024] ? nilfs_palloc_bitmap_blkoff+0x126/0x140 [ 55.315204][ T5024] nilfs_palloc_bitmap_blkoff+0x126/0x140 [ 55.320920][ T5024] nilfs_palloc_get_entry_block+0xf9/0x1b0 [ 55.326721][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 55.332431][ T5024] nilfs_load_inode_block+0x179/0x300 [ 55.337791][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 55.343236][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 55.348355][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 55.353997][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 55.358939][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 55.364055][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 55.369420][ T5024] ? find_held_lock+0x2d/0x110 [ 55.374172][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 55.379353][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 55.384386][ T5024] iput.part.0+0x5b/0x7a0 [ 55.388703][ T5024] iput+0x5c/0x80 [ 55.392321][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 55.397337][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 55.403310][ T5024] ? up_write+0x1b3/0x510 [ 55.407662][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 55.413123][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 55.418582][ T5024] ? find_rule+0x370/0x370 [ 55.423001][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 55.428895][ T5024] ? dispose_list+0x1e0/0x1e0 [ 55.433584][ T5024] nilfs_put_super+0x43/0x1b0 [ 55.438248][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 55.442736][ T5024] generic_shutdown_super+0x158/0x480 [ 55.448095][ T5024] kill_block_super+0x64/0xb0 [ 55.452754][ T5024] deactivate_locked_super+0x9a/0x170 [ 55.458112][ T5024] deactivate_super+0xde/0x100 [ 55.462863][ T5024] cleanup_mnt+0x222/0x3d0 [ 55.467270][ T5024] task_work_run+0x14d/0x240 [ 55.471851][ T5024] ? task_work_cancel+0x30/0x30 [ 55.476780][ T5024] ptrace_notify+0x10c/0x130 [ 55.481443][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 55.487766][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 55.493128][ T5024] do_syscall_64+0x44/0xb0 [ 55.497539][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.503417][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 55.507821][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 55.527431][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 55.535911][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 55.543861][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 55.551812][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 55.559854][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 55.567815][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 55.575779][ T5024] [ 55.578780][ T5024] [ 55.581083][ T5024] Allocated by task 5076: [ 55.585405][ T5024] kasan_save_stack+0x33/0x50 [ 55.590074][ T5024] kasan_set_track+0x25/0x30 [ 55.594657][ T5024] __kasan_kmalloc+0xa2/0xb0 [ 55.599322][ T5024] __kmalloc+0x5d/0x100 [ 55.603469][ T5024] nilfs_mdt_init+0x2f/0x1e0 [ 55.608045][ T5024] nilfs_ifile_read+0xc9/0x1b0 [ 55.612795][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 55.618238][ T5024] nilfs_mount+0xafd/0x1120 [ 55.622724][ T5024] legacy_get_tree+0x109/0x220 [ 55.627496][ T5024] vfs_get_tree+0x88/0x350 [ 55.631901][ T5024] path_mount+0x1492/0x1ed0 [ 55.636389][ T5024] __x64_sys_mount+0x293/0x310 [ 55.641132][ T5024] do_syscall_64+0x38/0xb0 [ 55.645533][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.651410][ T5024] [ 55.653727][ T5024] Freed by task 4668: [ 55.657684][ T5024] kasan_save_stack+0x33/0x50 [ 55.662349][ T5024] kasan_set_track+0x25/0x30 [ 55.666929][ T5024] kasan_save_free_info+0x2b/0x40 [ 55.671942][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 55.677048][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 55.682496][ T5024] __kmem_cache_free+0xb8/0x2f0 [ 55.687376][ T5024] nilfs_free_inode+0x42/0x70 [ 55.692123][ T5024] i_callback+0x43/0x70 [ 55.696354][ T5024] rcu_core+0x7fb/0x1bb0 [ 55.700589][ T5024] __do_softirq+0x218/0x965 [ 55.705087][ T5024] [ 55.707392][ T5024] The buggy address belongs to the object at ffff88802b585c00 [ 55.707392][ T5024] which belongs to the cache kmalloc-512 of size 512 [ 55.721428][ T5024] The buggy address is located 192 bytes inside of [ 55.721428][ T5024] freed 512-byte region [ffff88802b585c00, ffff88802b585e00) [ 55.735203][ T5024] [ 55.737510][ T5024] The buggy address belongs to the physical page: [ 55.743898][ T5024] page:ffffea0000ad6100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b584 [ 55.754391][ T5024] head:ffffea0000ad6100 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 55.763306][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 55.771282][ T5024] page_type: 0xffffffff() [ 55.775594][ T5024] raw: 00fff00000010200 ffff888012841c80 ffffea000060c900 dead000000000002 [ 55.784162][ T5024] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 55.792735][ T5024] page dumped because: kasan: bad access detected [ 55.799127][ T5024] page_owner tracks the page as allocated [ 55.804821][ T5024] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4490, tgid 4490 (udevadm), ts 14413457908, free_ts 14394869291 [ 55.825908][ T5024] post_alloc_hook+0x2d2/0x350 [ 55.830670][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 55.836211][ T5024] __alloc_pages+0x1d0/0x4a0 [ 55.840796][ T5024] alloc_pages+0x1a9/0x270 [ 55.845201][ T5024] allocate_slab+0x24e/0x380 [ 55.849804][ T5024] ___slab_alloc+0x8bc/0x1570 [ 55.854476][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 55.859840][ T5024] __kmem_cache_alloc_node+0x137/0x350 [ 55.865306][ T5024] kmalloc_trace+0x25/0xe0 [ 55.869713][ T5024] kernfs_fop_open+0x318/0xe00 [ 55.874469][ T5024] do_dentry_open+0x88b/0x1780 [ 55.879220][ T5024] path_openat+0x19af/0x29c0 [ 55.883792][ T5024] do_filp_open+0x1de/0x430 [ 55.888280][ T5024] do_sys_openat2+0x176/0x1e0 [ 55.892950][ T5024] __x64_sys_openat+0x175/0x210 [ 55.897790][ T5024] do_syscall_64+0x38/0xb0 [ 55.902212][ T5024] page last free stack trace: [ 55.906863][ T5024] free_unref_page_prepare+0x508/0xb90 [ 55.912313][ T5024] free_unref_page+0x33/0x3b0 [ 55.916979][ T5024] __unfreeze_partials+0x21d/0x240 [ 55.922092][ T5024] qlist_free_all+0x6a/0x170 [ 55.926673][ T5024] kasan_quarantine_reduce+0x18b/0x1d0 [ 55.932116][ T5024] __kasan_slab_alloc+0x65/0x90 [ 55.936952][ T5024] kmem_cache_alloc+0x172/0x3b0 [ 55.941787][ T5024] vm_area_dup+0x21/0x2f0 [ 55.946097][ T5024] __split_vma+0x1a8/0x830 [ 55.950497][ T5024] split_vma+0xc8/0x110 [ 55.954667][ T5024] mprotect_fixup+0x784/0xbf0 [ 55.959346][ T5024] do_mprotect_pkey+0x852/0xd60 [ 55.964187][ T5024] __x64_sys_mprotect+0x78/0xb0 [ 55.969027][ T5024] do_syscall_64+0x38/0xb0 [ 55.973429][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.979328][ T5024] [ 55.981634][ T5024] Memory state around the buggy address: [ 55.987258][ T5024] ffff88802b585b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.995357][ T5024] ffff88802b585c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.003487][ T5024] >ffff88802b585c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5117] mkdir("./file1", 0777) = 0 [pid 5114] <... mount resumed>) = 0 [pid 5117] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 56.011532][ T5024] ^ [ 56.017664][ T5024] ffff88802b585d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.025705][ T5024] ffff88802b585d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.033859][ T5024] ================================================================== [ 56.042795][ T5025] NILFS (loop3): discard dirty page: offset=4096, ino=3 [ 56.044498][ T5118] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.061632][ T5025] NILFS (loop3): discard dirty block: blocknr=29, size=4096 [ 56.062015][ T5024] ================================================================== [ 56.069708][ T5107] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 56.076973][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_get_entry_block+0x1a7/0x1b0 [ 56.086519][ T5117] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 56.095330][ T5024] Read of size 8 at addr ffff8880757992b0 by task syz-executor105/5024 [ 56.104939][ T5028] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 56.113036][ T5024] [ 56.113041][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 56.120886][ T5025] NILFS (loop3): discard dirty page: offset=270336, ino=3 [ 56.122695][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 56.152111][ T5024] Call Trace: [ 56.155373][ T5024] [ 56.158289][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 56.162886][ T5024] print_report+0xc4/0x620 [ 56.167293][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [ 56.172307][ T5024] ? __phys_addr+0xc6/0x140 [ 56.177769][ T5024] kasan_report+0xda/0x110 [ 56.182177][ T5024] ? nilfs_palloc_get_entry_block+0x1a7/0x1b0 [ 56.188263][ T5024] ? nilfs_palloc_get_entry_block+0x1a7/0x1b0 [ 56.194324][ T5024] nilfs_palloc_get_entry_block+0x1a7/0x1b0 [ 56.200210][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 56.205923][ T5024] nilfs_load_inode_block+0x179/0x300 [ 56.211310][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 56.216774][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 56.221886][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 56.227861][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 56.232791][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 56.237902][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 56.243354][ T5024] ? find_held_lock+0x2d/0x110 [ 56.248112][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 56.253209][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 56.258315][ T5024] iput.part.0+0x5b/0x7a0 [ 56.262636][ T5024] iput+0x5c/0x80 [ 56.266270][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 56.271288][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 56.277350][ T5024] ? up_write+0x1b3/0x510 [ 56.281666][ T5024] nilfs_detach_log_writer+0x77c/0xa60 [ 56.287135][ T5024] ? nilfs_clean_segments+0xac0/0xac0 [ 56.292499][ T5024] ? find_rule+0x370/0x370 [ 56.297016][ T5024] ? prepare_to_swait_exclusive+0x240/0x240 [ 56.302907][ T5024] ? dispose_list+0x1e0/0x1e0 [ 56.307573][ T5024] nilfs_put_super+0x43/0x1b0 [ 56.312258][ T5024] ? nilfs_freeze+0xc0/0xc0 [ 56.316836][ T5024] generic_shutdown_super+0x158/0x480 [ 56.322195][ T5024] kill_block_super+0x64/0xb0 [ 56.326861][ T5024] deactivate_locked_super+0x9a/0x170 [ 56.332218][ T5024] deactivate_super+0xde/0x100 [ 56.336968][ T5024] cleanup_mnt+0x222/0x3d0 [ 56.341380][ T5024] task_work_run+0x14d/0x240 [ 56.345960][ T5024] ? task_work_cancel+0x30/0x30 [ 56.350805][ T5024] ptrace_notify+0x10c/0x130 [ 56.355381][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 56.361704][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 56.367072][ T5024] do_syscall_64+0x44/0xb0 [ 56.371473][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.377375][ T5024] RIP: 0033:0x7f0e780a6fa7 [ 56.381773][ T5024] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 56.401454][ T5024] RSP: 002b:00007ffc0ea1c078 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 56.409850][ T5024] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0e780a6fa7 [ 56.417808][ T5024] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc0ea1c130 [ 56.425762][ T5024] RBP: 00007ffc0ea1c130 R08: 0000000000000000 R09: 0000000000000000 [ 56.433737][ T5024] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0ea1d1f0 [ 56.441780][ T5024] R13: 00005555568c9700 R14: 431bde82d7b634db R15: 00007ffc0ea1d194 [ 56.449742][ T5024] [ 56.452741][ T5024] [ 56.455045][ T5024] Allocated by task 5076: [ 56.459351][ T5024] kasan_save_stack+0x33/0x50 [ 56.464018][ T5024] kasan_set_track+0x25/0x30 [ 56.468600][ T5024] __kasan_slab_alloc+0x81/0x90 [ 56.473442][ T5024] kmem_cache_alloc_lru+0x21a/0x630 [ 56.478634][ T5024] nilfs_alloc_inode+0x26/0x150 [ 56.483472][ T5024] alloc_inode+0x5d/0x220 [ 56.487790][ T5024] iget5_locked+0x63/0xe0 [ 56.492102][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 56.496854][ T5024] nilfs_ifile_read+0x30/0x1b0 [ 56.501694][ T5024] nilfs_attach_checkpoint+0x26c/0x4e0 [ 56.507139][ T5024] nilfs_mount+0xafd/0x1120 [ 56.511626][ T5024] legacy_get_tree+0x109/0x220 [ 56.516377][ T5024] vfs_get_tree+0x88/0x350 [ 56.520778][ T5024] path_mount+0x1492/0x1ed0 [ 56.525262][ T5024] __x64_sys_mount+0x293/0x310 [ 56.530010][ T5024] do_syscall_64+0x38/0xb0 [ 56.534412][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.540292][ T5024] [ 56.542601][ T5024] Freed by task 4668: [ 56.546561][ T5024] kasan_save_stack+0x33/0x50 [ 56.551229][ T5024] kasan_set_track+0x25/0x30 [ 56.555806][ T5024] kasan_save_free_info+0x2b/0x40 [ 56.560824][ T5024] ____kasan_slab_free+0x15e/0x1b0 [ 56.565926][ T5024] slab_free_freelist_hook+0x10b/0x1e0 [ 56.571371][ T5024] kmem_cache_free+0xf0/0x490 [ 56.576123][ T5024] i_callback+0x43/0x70 [ 56.580283][ T5024] rcu_core+0x7fb/0x1bb0 [ 56.584512][ T5024] __do_softirq+0x218/0x965 [ 56.589009][ T5024] [ 56.591319][ T5024] Last potentially related work creation: [ 56.597097][ T5024] kasan_save_stack+0x33/0x50 [ 56.601763][ T5024] __kasan_record_aux_stack+0xbc/0xd0 [ 56.607122][ T5024] __call_rcu_common.constprop.0+0x9a/0x790 [ 56.613005][ T5024] destroy_inode+0x129/0x1b0 [ 56.617585][ T5024] iput.part.0+0x55e/0x7a0 [ 56.621998][ T5024] iput+0x5c/0x80 [ 56.625621][ T5024] nilfs_put_root+0xae/0xe0 [ 56.630112][ T5024] nilfs_detach_log_writer+0x5e0/0xa60 [ 56.635648][ T5024] nilfs_put_super+0x43/0x1b0 [ 56.640313][ T5024] generic_shutdown_super+0x158/0x480 [ 56.645668][ T5024] kill_block_super+0x64/0xb0 [ 56.650367][ T5024] deactivate_locked_super+0x9a/0x170 [ 56.655723][ T5024] deactivate_super+0xde/0x100 [ 56.660470][ T5024] cleanup_mnt+0x222/0x3d0 [ 56.664881][ T5024] task_work_run+0x14d/0x240 [ 56.669461][ T5024] ptrace_notify+0x10c/0x130 [ 56.674038][ T5024] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 56.680357][ T5024] syscall_exit_to_user_mode+0xd/0x50 [ 56.685716][ T5024] do_syscall_64+0x44/0xb0 [ 56.690118][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.695997][ T5024] [ 56.698304][ T5024] The buggy address belongs to the object at ffff888075798cd0 [ 56.698304][ T5024] which belongs to the cache nilfs2_inode_cache of size 1512 [ 56.713034][ T5024] The buggy address is located 1504 bytes inside of [ 56.713034][ T5024] freed 1512-byte region [ffff888075798cd0, ffff8880757992b8) [ 56.727076][ T5024] [ 56.729383][ T5024] The buggy address belongs to the physical page: [ 56.735773][ T5024] page:ffffea0001d5e600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75798 [ 56.745925][ T5024] head:ffffea0001d5e600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 56.754863][ T5024] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 56.764305][ T5024] page_type: 0xffffffff() [ 56.768639][ T5024] raw: 00fff00000010200 ffff888142283140 dead000000000122 0000000000000000 [ 56.777211][ T5024] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000 [ 56.785875][ T5024] page dumped because: kasan: bad access detected [ 56.792270][ T5024] page_owner tracks the page as allocated [ 56.797965][ T5024] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5076, tgid 5070 (syz-executor105), ts 46732329284, free_ts 10351707866 [ 56.820526][ T5024] post_alloc_hook+0x2d2/0x350 [ 56.825293][ T5024] get_page_from_freelist+0x10a9/0x31e0 [ 56.830830][ T5024] __alloc_pages+0x1d0/0x4a0 [ 56.835410][ T5024] alloc_pages+0x1a9/0x270 [ 56.839819][ T5024] allocate_slab+0x24e/0x380 [ 56.845093][ T5024] ___slab_alloc+0x8bc/0x1570 [ 56.850313][ T5024] __slab_alloc.constprop.0+0x56/0xa0 [ 56.855680][ T5024] kmem_cache_alloc_lru+0x4e4/0x630 [ 56.860867][ T5024] nilfs_alloc_inode+0x26/0x150 [ 56.865702][ T5024] alloc_inode+0x5d/0x220 [ 56.870017][ T5024] iget5_locked+0x63/0xe0 [ 56.874339][ T5024] nilfs_iget_locked+0xa1/0xd0 [ 56.879107][ T5024] nilfs_sufile_read+0xd6/0x5a0 [ 56.884054][ T5024] load_nilfs+0x669/0x12d0 [ 56.888481][ T5024] nilfs_mount+0xa8c/0x1120 [ 56.892973][ T5024] legacy_get_tree+0x109/0x220 [ 56.897726][ T5024] page last free stack trace: [ 56.902378][ T5024] free_unref_page_prepare+0x508/0xb90 [ 56.907827][ T5024] free_unref_page+0x33/0x3b0 [ 56.912624][ T5024] free_contig_range+0xb6/0x190 [ 56.917569][ T5024] destroy_args+0x686/0x940 [ 56.922066][ T5024] debug_vm_pgtable+0x2339/0x3ff0 [ 56.927099][ T5024] do_one_initcall+0x117/0x630 [ 56.931856][ T5024] kernel_init_freeable+0x5bd/0x8f0 [ 56.937045][ T5024] kernel_init+0x1c/0x2a0 [ 56.941364][ T5024] ret_from_fork+0x2c/0x70 [ 56.945764][ T5024] ret_from_fork_asm+0x11/0x20 [ 56.950522][ T5024] [ 56.952826][ T5024] Memory state around the buggy address: [ 56.958437][ T5024] ffff888075799180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [pid 5114] chdir("./file1") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [ 56.966484][ T5024] ffff888075799200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.974530][ T5024] >ffff888075799280: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 56.982753][ T5024] ^ [ 56.988370][ T5024] ffff888075799300: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 56.996413][ T5024] ffff888075799380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.004470][ T5024] ================================================================== [pid 5114] close(4 [pid 5025] <... umount2 resumed>) = 0 [pid 5025] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5025] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5025] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 57.013988][ T5024] ================================================================== [ 57.021002][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=5 [ 57.022063][ T5024] BUG: KASAN: slab-use-after-free in nilfs_palloc_get_entry_block+0x19d/0x1b0 [ 57.036271][ T5025] NILFS (loop3): discard dirty block: blocknr=0, size=4096 [ 57.037697][ T5024] Read of size 8 at addr ffff88802b585ca8 by task syz-executor105/5024 [ 57.046434][ T5028] NILFS (loop5): discard dirty block: blocknr=27, size=4096 [ 57.053064][ T5024] [pid 5025] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5025] getdents64(4, 0x5555568d1770 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(4, 0x5555568d1770 /* 0 entries */, 32768) = 0 [pid 5025] close(4) = 0 [pid 5025] rmdir("./3/file1") = 0 [pid 5025] getdents64(3, 0x5555568c9730 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5025] rmdir("./3") = 0 [pid 5025] mkdir("./4", 0777) = 0 [pid 5025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5025] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5025] close(3) = 0 [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555568c8690) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555568c86a0, 24) = 0 [pid 5119] chdir("./4") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f0e7812e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f0e780cc160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0e780bd310}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e78042000 [pid 5119] mprotect(0x7f0e78043000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e78062990, parent_tid=0x7f0e78062990, exit_signal=0, stack=0x7f0e78042000, stack_size=0x20300, tls=0x7f0e780626c0} => {parent_tid=[5120]}, 88) = 5120 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f0e7812e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f0e7812e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f0e78062fe0, 0x20, 0, 0x53053053) = 0 [pid 5120] set_robust_list(0x7f0e780629a0, 24) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e6fc42000 [ 57.053070][ T5024] CPU: 1 PID: 5024 Comm: syz-executor105 Tainted: G B 6.5.0-rc4-syzkaller-00245-gf6a691685962 #0 [ 57.074551][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 57.081975][ T5028] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 57.084604][ T5024] Call Trace: [ 57.084611][ T5024] [ 57.084618][ T5024] dump_stack_lvl+0xd9/0x1b0 [ 57.084643][ T5024] print_report+0xc4/0x620 [ 57.106545][ T5024] ? __virt_addr_valid+0x5e/0x2d0 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5106] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5106] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0e6fe21000 [pid 5106] mprotect(0x7f0e6fe22000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0e6fe41990, parent_tid=0x7f0e6fe41990, exit_signal=0, stack=0x7f0e6fe21000, stack_size=0x20300, tls=0x7f0e6fe416c0} => {parent_tid=[5121]}, 88) = 5121 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5106] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f0e6fe41fe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f0e6fe419a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 3 [pid 5121] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5 [pid 5121] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] ftruncate(5, 33587195) = 0 [pid 5121] futex(0x7f0e7812e6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f0e7812e6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f0e7812e6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 1 [pid 5121] sendfile(3, 5, NULL, 281474978811909 [pid 5120] <... write resumed>) = 2097152 [pid 5120] munmap(0x7f0e6fc42000, 2097152) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 57.109886][ T5028] NILFS (loop5): discard dirty block: blocknr=28, size=4096 [ 57.111602][ T5024] ? __phys_addr+0xc6/0x140 [ 57.111631][ T5024] kasan_report+0xda/0x110 [ 57.127889][ T5024] ? nilfs_palloc_get_entry_block+0x19d/0x1b0 [ 57.132088][ T5028] NILFS (loop5): discard dirty page: offset=4096, ino=3 [ 57.133965][ T5024] ? nilfs_palloc_get_entry_block+0x19d/0x1b0 [ 57.146947][ T5024] nilfs_palloc_get_entry_block+0x19d/0x1b0 [ 57.152878][ T5024] nilfs_ifile_get_inode_block+0xc5/0x190 [ 57.158645][ T5024] nilfs_load_inode_block+0x179/0x300 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [ 57.164031][ T5024] __nilfs_mark_inode_dirty+0x80/0x240 [ 57.164936][ T5120] loop3: detected capacity change from 0 to 4096 [ 57.169505][ T5024] ? nilfs_dirty_folio+0x4c0/0x4c0 [ 57.169528][ T5024] ? nilfs_transaction_begin+0x3fe/0xa40 [ 57.169553][ T5024] nilfs_dirty_inode+0x1ab/0x270 [ 57.180163][ T5028] NILFS (loop5): discard dirty block: blocknr=29, size=4096 [ 57.180945][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 57.200657][ T5028] NILFS (loop5): discard dirty page: offset=270336, ino=3 [ 57.203860][ T5024] ? reacquire_held_locks+0x4b0/0x4b0 [ 57.216443][ T5024] ? find_held_lock+0x2d/0x110 [ 57.221226][ T5024] ? nilfs_evict_inode+0x550/0x550 [ 57.226363][ T5024] __mark_inode_dirty+0x1e0/0xd50 [ 57.231423][ T5024] iput.part.0+0x5b/0x7a0 [ 57.235870][ T5024] iput+0x5c/0x80 [ 57.237186][ T5028] NILFS (loop5): discard dirty block: blocknr=0, size=4096 [ 57.239499][ T5024] nilfs_dispose_list+0x49b/0x6e0 [ 57.239528][ T5024] ? nilfs_segctor_apply_buffers+0x470/0x470 [ 57.257686][ T5024] ? up_write+0x1b3/0x510 [ 57.262032][ T5024] nilfs_detach_log_writer+0x77c/0xa60