./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2427438682

<...>
Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts.
execve("./syz-executor2427438682", ["./syz-executor2427438682"], 0x7ffeeaa9e740 /* 10 vars */) = 0
brk(NULL)                               = 0x555563b56000
brk(0x555563b56d00)                     = 0x555563b56d00
arch_prctl(ARCH_SET_FS, 0x555563b56380) = 0
set_tid_address(0x555563b56650)         = 5826
set_robust_list(0x555563b56660, 24)     = 0
rseq(0x555563b56ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2427438682", 4096) = 28
getrandom("\x60\x0b\x54\x2e\x25\x4b\x99\x4a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555563b56d00
brk(0x555563b77d00)                     = 0x555563b77d00
brk(0x555563b78000)                     = 0x555563b78000
mprotect(0x7f1b2f858000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached
, child_tidptr=0x555563b56650) = 5827
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5827] set_robust_list(0x555563b56660, 24) = 0
./strace-static-x86_64: Process 5828 attached
[pid  5827] mkdir("./syzkaller.WPaBK3", 0700 <unfinished ...>
[pid  5826] <... clone resumed>, child_tidptr=0x555563b56650) = 5828
[pid  5828] set_robust_list(0x555563b56660, 24) = 0
[pid  5828] mkdir("./syzkaller.3xSaUh", 0700 <unfinished ...>
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5828] <... mkdir resumed>)        = 0
[pid  5827] <... mkdir resumed>)        = 0
[pid  5827] chmod("./syzkaller.WPaBK3", 0777 <unfinished ...>
[pid  5828] chmod("./syzkaller.3xSaUh", 0777./strace-static-x86_64: Process 5829 attached
) = 0
[pid  5827] <... chmod resumed>)        = 0
[pid  5829] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5828] chdir("./syzkaller.3xSaUh" <unfinished ...>
[pid  5827] chdir("./syzkaller.WPaBK3" <unfinished ...>
[pid  5826] <... clone resumed>, child_tidptr=0x555563b56650) = 5829
[pid  5829] <... set_robust_list resumed>) = 0
[pid  5828] <... chdir resumed>)        = 0
[pid  5827] <... chdir resumed>)        = 0
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5829] mkdir("./syzkaller.nPYzuS", 0700 <unfinished ...>
[pid  5828] mkdir("./0", 0777 <unfinished ...>
[pid  5827] mkdir("./0", 0777./strace-static-x86_64: Process 5830 attached
 <unfinished ...>
[pid  5830] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5826] <... clone resumed>, child_tidptr=0x555563b56650) = 5830
[pid  5829] <... mkdir resumed>)        = 0
[pid  5828] <... mkdir resumed>)        = 0
[pid  5827] <... mkdir resumed>)        = 0
[pid  5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5830] <... set_robust_list resumed>) = 0
[pid  5829] chmod("./syzkaller.nPYzuS", 0777) = 0
[pid  5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5830] mkdir("./syzkaller.f9N00h", 0700 <unfinished ...>
[pid  5827] <... openat resumed>)       = 3
[pid  5829] chdir("./syzkaller.nPYzuS"./strace-static-x86_64: Process 5831 attached
) = 0
[pid  5828] <... openat resumed>)       = 3
[pid  5829] mkdir("./0", 0777 <unfinished ...>
[pid  5827] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5826] <... clone resumed>, child_tidptr=0x555563b56650) = 5831
[pid  5831] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5830] <... mkdir resumed>)        = 0
[pid  5828] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5827] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5829] <... mkdir resumed>)        = 0
[pid  5828] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5828] close(3 <unfinished ...>
[pid  5831] <... set_robust_list resumed>) = 0
[pid  5830] chmod("./syzkaller.f9N00h", 0777 <unfinished ...>
[pid  5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5827] close(3 <unfinished ...>
[pid  5831] mkdir("./syzkaller.XR47zj", 0700 <unfinished ...>
[pid  5830] <... chmod resumed>)        = 0
[pid  5829] <... openat resumed>)       = 3
[pid  5828] <... close resumed>)        = 0
[pid  5827] <... close resumed>)        = 0
[pid  5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached
 <unfinished ...>
[pid  5831] <... mkdir resumed>)        = 0
[pid  5830] chdir("./syzkaller.f9N00h" <unfinished ...>
[pid  5829] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5830] <... chdir resumed>)        = 0
[pid  5829] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
./strace-static-x86_64: Process 5833 attached
[pid  5830] mkdir("./0", 0777 <unfinished ...>
[pid  5829] close(3 <unfinished ...>
[pid  5832] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5830] <... mkdir resumed>)        = 0
[pid  5829] <... close resumed>)        = 0
[pid  5833] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5832] <... set_robust_list resumed>) = 0
[pid  5831] chmod("./syzkaller.XR47zj", 0777 <unfinished ...>
[pid  5828] <... clone resumed>, child_tidptr=0x555563b56650) = 5833
[pid  5833] <... set_robust_list resumed>) = 0
[pid  5833] chdir("./0" <unfinished ...>
[pid  5832] chdir("./0" <unfinished ...>
[pid  5831] <... chmod resumed>)        = 0
[pid  5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5827] <... clone resumed>, child_tidptr=0x555563b56650) = 5832
./strace-static-x86_64: Process 5834 attached
[pid  5833] <... chdir resumed>)        = 0
[pid  5832] <... chdir resumed>)        = 0
[pid  5831] chdir("./syzkaller.XR47zj" <unfinished ...>
[pid  5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5832] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5831] <... chdir resumed>)        = 0
[pid  5830] <... openat resumed>)       = 3
[pid  5831] mkdir("./0", 0777)          = 0
[pid  5830] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5829] <... clone resumed>, child_tidptr=0x555563b56650) = 5834
[pid  5834] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5833] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5832] <... prctl resumed>)        = 0
[pid  5834] <... set_robust_list resumed>) = 0
[pid  5833] <... prctl resumed>)        = 0
[pid  5832] setpgid(0, 0 <unfinished ...>
[pid  5834] chdir("./0" <unfinished ...>
[pid  5833] setpgid(0, 0 <unfinished ...>
[pid  5832] <... setpgid resumed>)      = 0
[pid  5830] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5834] <... chdir resumed>)        = 0
[pid  5833] <... setpgid resumed>)      = 0
[pid  5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5830] close(3 <unfinished ...>
[pid  5834] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5832] <... openat resumed>)       = 3
[pid  5831] <... openat resumed>)       = 3
[pid  5830] <... close resumed>)        = 0
[pid  5834] <... prctl resumed>)        = 0
[pid  5834] setpgid(0, 0 <unfinished ...>
[pid  5833] <... openat resumed>)       = 3
[pid  5832] write(3, "1000", 4 <unfinished ...>
[pid  5834] <... setpgid resumed>)      = 0
[pid  5833] write(3, "1000", 4 <unfinished ...>
[pid  5832] <... write resumed>)        = 4
[pid  5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5833] <... write resumed>)        = 4
[pid  5832] close(3 <unfinished ...>
[pid  5831] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5834] <... openat resumed>)       = 3
[pid  5833] close(3 <unfinished ...>
[pid  5832] <... close resumed>)        = 0
[pid  5831] <... ioctl resumed>)        = -1 ENXIO (No such device or address)
[pid  5832] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5835 attached
 <unfinished ...>
[pid  5831] close(3)                    = 0
[pid  5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5835] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5834] write(3, "1000", 4 <unfinished ...>
[pid  5833] <... close resumed>)        = 0
[pid  5832] <... symlink resumed>)      = 0
./strace-static-x86_64: Process 5836 attached
[pid  5835] <... set_robust_list resumed>) = 0
[pid  5834] <... write resumed>)        = 4
[pid  5833] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5830] <... clone resumed>, child_tidptr=0x555563b56650) = 5835
[pid  5834] close(3)                    = 0
[pid  5833] <... symlink resumed>)      = 0
[pid  5836] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5834] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5835] chdir("./0" <unfinished ...>
[pid  5831] <... clone resumed>, child_tidptr=0x555563b56650) = 5836
[pid  5834] <... symlink resumed>)      = 0
[pid  5832] write(1, "executing program\n", 18 <unfinished ...>
[pid  5833] write(1, "executing program\n", 18executing program
) = 18
[pid  5833] memfd_create("syzkaller", 0executing program
executing program
) = 3
[pid  5836] <... set_robust_list resumed>) = 0
[pid  5835] <... chdir resumed>)        = 0
[pid  5834] write(1, "executing program\n", 18 <unfinished ...>
[pid  5832] <... write resumed>)        = 18
[pid  5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5836] chdir("./0" <unfinished ...>
[pid  5832] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5835] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5834] <... write resumed>)        = 18
[pid  5836] <... chdir resumed>)        = 0
[pid  5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5836] setpgid(0, 0)               = 0
[pid  5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5833] <... mmap resumed>)         = 0x7f1b27200000
[pid  5835] <... prctl resumed>)        = 0
[pid  5834] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5832] <... memfd_create resumed>) = 3
executing program
[pid  5836] <... openat resumed>)       = 3
[pid  5835] setpgid(0, 0 <unfinished ...>
[pid  5834] <... memfd_create resumed>) = 3
[pid  5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5836] write(3, "1000", 4 <unfinished ...>
[pid  5832] <... mmap resumed>)         = 0x7f1b27200000
[pid  5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5836] <... write resumed>)        = 4
[pid  5836] close(3)                    = 0
[pid  5836] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5836] write(1, "executing program\n", 18) = 18
[pid  5836] memfd_create("syzkaller", 0) = 3
[pid  5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5835] <... setpgid resumed>)      = 0
[pid  5834] <... mmap resumed>)         = 0x7f1b27200000
[pid  5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5835] write(3, "1000", 4)         = 4
[pid  5835] close(3)                    = 0
[pid  5835] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5835] write(1, "executing program\n", 18executing program
) = 18
[pid  5835] memfd_create("syzkaller", 0) = 3
[pid  5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5834] <... write resumed>)        = 16777216
[pid  5834] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5833] <... write resumed>)        = 16777216
[pid  5835] <... write resumed>)        = 16777216
[pid  5833] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5836] <... write resumed>)        = 16777216
[pid  5835] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5832] <... write resumed>)        = 16777216
[pid  5836] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5834] <... munmap resumed>)       = 0
[pid  5833] <... munmap resumed>)       = 0
[pid  5832] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5834] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4
[pid  5834] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5836] <... munmap resumed>)       = 0
[pid  5835] <... munmap resumed>)       = 0
[pid  5833] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5832] <... munmap resumed>)       = 0
[pid  5836] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5835] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5834] close(3 <unfinished ...>
[pid  5833] <... openat resumed>)       = 4
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5834] <... close resumed>)        = 0
[pid  5834] close(4 <unfinished ...>
[pid  5836] <... openat resumed>)       = 4
[pid  5833] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5832] <... openat resumed>)       = 4
[pid  5833] <... ioctl resumed>)        = 0
[pid  5832] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5836] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5835] <... openat resumed>)       = 4
[pid  5834] <... close resumed>)        = 0
[   60.888988][ T5834] loop2: detected capacity change from 0 to 32768
[   60.909199][ T5833] loop1: detected capacity change from 0 to 32768
[   60.926283][ T5832] loop0: detected capacity change from 0 to 32768
[   60.928617][ T5836] loop4: detected capacity change from 0 to 32768
[pid  5835] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5833] close(3 <unfinished ...>
[pid  5832] <... ioctl resumed>)        = 0
[pid  5836] <... ioctl resumed>)        = 0
[pid  5835] <... ioctl resumed>)        = 0
[pid  5834] mkdir("./bus", 0777 <unfinished ...>
[pid  5833] <... close resumed>)        = 0
[pid  5836] close(3 <unfinished ...>
[pid  5835] close(3 <unfinished ...>
[pid  5834] <... mkdir resumed>)        = 0
[pid  5833] close(4 <unfinished ...>
[   60.938329][ T5835] loop3: detected capacity change from 0 to 32768
[   60.957887][ T5834] =======================================================
[   60.957887][ T5834] WARNING: The mand mount option has been deprecated and
[   60.957887][ T5834]          and is ignored by this kernel. Remove the mand
[   60.957887][ T5834]          option from the mount to silence this warning.
[pid  5832] close(3 <unfinished ...>
[pid  5836] <... close resumed>)        = 0
[pid  5835] <... close resumed>)        = 0
[pid  5834] mount("/dev/loop2", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5833] <... close resumed>)        = 0
[pid  5832] <... close resumed>)        = 0
[pid  5835] close(4 <unfinished ...>
[pid  5833] mkdir("./bus", 0777 <unfinished ...>
[pid  5835] <... close resumed>)        = 0
[pid  5836] close(4 <unfinished ...>
[pid  5833] <... mkdir resumed>)        = 0
[pid  5832] close(4 <unfinished ...>
[pid  5835] mkdir("./bus", 0777 <unfinished ...>
[pid  5836] <... close resumed>)        = 0
[pid  5836] mkdir("./bus", 0777)        = 0
[pid  5836] mount("/dev/loop4", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5835] <... mkdir resumed>)        = 0
[pid  5833] mount("/dev/loop1", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5832] <... close resumed>)        = 0
[pid  5832] mkdir("./bus", 0777)        = 0
[pid  5832] mount("/dev/loop0", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5835] mount("/dev/loop3", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5836] <... mount resumed>)        = 0
[pid  5836] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5835] <... mount resumed>)        = 0
[pid  5836] chdir("./bus")              = 0
[pid  5836] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5836] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5834] <... mount resumed>)        = 0
[pid  5835] <... openat resumed>)       = 3
[pid  5835] chdir("./bus" <unfinished ...>
[pid  5834] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5833] <... mount resumed>)        = 0
[   60.957887][ T5834] =======================================================
[pid  5835] <... chdir resumed>)        = 0
[pid  5836] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 <unfinished ...>
[pid  5835] openat(AT_FDCWD, "/dev/loop3", O_RDWR <unfinished ...>
[pid  5834] <... openat resumed>)       = 3
[pid  5833] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5832] <... mount resumed>)        = 0
[pid  5835] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5834] chdir("./bus" <unfinished ...>
[pid  5833] <... openat resumed>)       = 3
[pid  5832] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5836] <... mmap resumed>)         = 0x20000000
[pid  5835] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid  5834] <... chdir resumed>)        = 0
[pid  5833] chdir("./bus" <unfinished ...>
[pid  5832] <... openat resumed>)       = 3
[pid  5836] ftruncate(4, 49530 <unfinished ...>
[pid  5835] <... openat resumed>)       = 4
[pid  5834] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5833] <... chdir resumed>)        = 0
[pid  5832] chdir("./bus" <unfinished ...>
[pid  5835] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 <unfinished ...>
[pid  5834] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5833] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5835] <... mmap resumed>)         = 0x20000000
[pid  5834] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid  5833] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5835] ftruncate(4, 49530 <unfinished ...>
[pid  5834] <... openat resumed>)       = 4
[pid  5833] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid  5835] <... ftruncate resumed>)    = 0
[pid  5833] <... openat resumed>)       = 4
[pid  5836] <... ftruncate resumed>)    = 0
[pid  5835] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5834] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 <unfinished ...>
[pid  5832] <... chdir resumed>)        = 0
[pid  5836] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5834] <... mmap resumed>)         = 0x20000000
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5836] <... memfd_create resumed>) = 5
[pid  5833] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 <unfinished ...>
[pid  5832] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid  5834] ftruncate(4, 49530 <unfinished ...>
[pid  5833] <... mmap resumed>)         = 0x20000000
[pid  5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5835] <... memfd_create resumed>) = 5
[pid  5834] <... ftruncate resumed>)    = 0
[pid  5832] <... openat resumed>)       = 4
[pid  5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5833] ftruncate(4, 49530 <unfinished ...>
[pid  5835] <... mmap resumed>)         = 0x7f1b27200000
[pid  5833] <... ftruncate resumed>)    = 0
[pid  5836] <... mmap resumed>)         = 0x7f1b27200000
[pid  5834] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5832] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 <unfinished ...>
[pid  5833] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5834] <... memfd_create resumed>) = 5
[pid  5833] <... memfd_create resumed>) = 5
[pid  5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5834] <... mmap resumed>)         = 0x7f1b27200000
[pid  5833] <... mmap resumed>)         = 0x7f1b27200000
[pid  5832] <... mmap resumed>)         = 0x20000000
[pid  5832] ftruncate(4, 49530)         = 0
[pid  5832] memfd_create("syzkaller", 0) = 5
[pid  5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5836] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5834] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5833] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5832] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5835] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5836] <... write resumed>)        = 16777216
[pid  5834] <... write resumed>)        = 16777216
[pid  5836] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5834] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5833] <... write resumed>)        = 16777216
[pid  5832] <... write resumed>)        = 16777216
[pid  5834] <... munmap resumed>)       = 0
[pid  5833] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5832] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5836] <... munmap resumed>)       = 0
[pid  5835] <... write resumed>)        = 16777216
[pid  5834] openat(AT_FDCWD, "/dev/loop2", O_RDWR <unfinished ...>
[pid  5833] <... munmap resumed>)       = 0
[pid  5832] <... munmap resumed>)       = 0
[pid  5836] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5835] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5834] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5833] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR <unfinished ...>
[pid  5836] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5834] close(5 <unfinished ...>
[pid  5833] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5832] <... openat resumed>)       = -1 EBUSY (Device or resource busy)
[pid  5833] close(5 <unfinished ...>
[pid  5835] <... munmap resumed>)       = 0
[pid  5832] close(5 <unfinished ...>
[pid  5836] close(5 <unfinished ...>
[pid  5835] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5835] close(5 <unfinished ...>
[pid  5833] <... close resumed>)        = 0
[pid  5833] exit_group(0)               = ?
[pid  5834] <... close resumed>)        = 0
[pid  5834] exit_group(0 <unfinished ...>
[pid  5836] <... close resumed>)        = 0
[pid  5834] <... exit_group resumed>)   = ?
[pid  5833] +++ exited with 0 +++
[pid  5832] <... close resumed>)        = 0
[pid  5836] exit_group(0 <unfinished ...>
[pid  5834] +++ exited with 0 +++
[pid  5832] exit_group(0 <unfinished ...>
[pid  5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=18 /* 0.18 s */, si_stime=49 /* 0.49 s */} ---
[pid  5836] <... exit_group resumed>)   = ?
[pid  5832] <... exit_group resumed>)   = ?
[pid  5836] +++ exited with 0 +++
[pid  5832] +++ exited with 0 +++
[pid  5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=51 /* 0.51 s */} ---
[pid  5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=56 /* 0.56 s */} ---
[pid  5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5827] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5829] <... openat resumed>)       = 3
[pid  5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5828] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] unlink("./0/binderfs")      = 0
[pid  5828] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5829] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=51 /* 0.51 s */} ---
[pid  5835] <... close resumed>)        = 0
[pid  5831] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5828] <... openat resumed>)       = 3
[pid  5831] <... restart_syscall resumed>) = 0
[pid  5828] newfstatat(3, "",  <unfinished ...>
[pid  5835] exit_group(0 <unfinished ...>
[pid  5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5827] <... restart_syscall resumed>) = 0
[pid  5835] <... exit_group resumed>)   = ?
[pid  5828] getdents64(3,  <unfinished ...>
[pid  5835] +++ exited with 0 +++
[pid  5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5828] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5828] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] <... openat resumed>)       = 3
[pid  5828] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid  5831] newfstatat(3, "",  <unfinished ...>
[pid  5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5828] unlink("./0/binderfs" <unfinished ...>
[pid  5831] getdents64(3,  <unfinished ...>
[pid  5828] <... unlink resumed>)       = 0
[pid  5831] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5828] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=50 /* 0.50 s */} ---
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5831] unlink("./0/binderfs")      = 0
[pid  5831] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5827] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   62.041541][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   62.041541][ T3468] 
[   62.052597][ T3468] ERROR: (device loop2): remounting filesystem as read-only
[   62.061216][ T3468] kworker/u8:7: attempt to access beyond end of device
[   62.061216][ T3468] loop2: rw=1, sector=2621792, nr_sectors = 16 limit=32768
[   62.077186][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   62.077186][ T3468] 
[pid  5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[   62.077466][ T1143] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   62.077466][ T1143] 
[   62.089477][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   62.089477][ T3468] 
[   62.096621][  T112] blkno = 5002c, nblocks = 1
[   62.106599][ T3468] kworker/u8:7: attempt to access beyond end of device
[   62.106599][ T3468] loop2: rw=2049, sector=2621808, nr_sectors = 8 limit=32768
[   62.126622][ T1143] ERROR: (device loop1): remounting filesystem as read-only
[   62.127040][   T52] ERROR: (device loop4): dbAlloc: the hint is outside the map
[pid  5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5827] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5830] <... openat resumed>)       = 3
[pid  5827] <... openat resumed>)       = 3
[pid  5830] newfstatat(3, "",  <unfinished ...>
[   62.127040][   T52] 
[   62.134504][ T1143] kworker/u8:6: attempt to access beyond end of device
[   62.134504][ T1143] loop1: rw=1, sector=2621792, nr_sectors = 16 limit=32768
[   62.157637][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   62.157637][ T3468] 
[   62.157754][ T3468] kworker/u8:7: attempt to access beyond end of device
[   62.157754][ T3468] loop2: rw=2049, sector=2621816, nr_sectors = 8 limit=32768
[   62.168192][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   62.168192][  T112] 
[pid  5827] newfstatat(3, "",  <unfinished ...>
[pid  5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5827] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5830] getdents64(3,  <unfinished ...>
[   62.191879][ T3468] Buffer I/O error on dev loop2, logical block 327727, lost async page write
[   62.193125][  T112] blkno = 5002d, nblocks = 1
[   62.203593][ T1143] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   62.203593][ T1143] 
[   62.205717][   T52] ERROR: (device loop4): remounting filesystem as read-only
[   62.216294][  T113] blkno = 5002c, nblocks = 1
[   62.223589][   T52] kworker/u8:3: attempt to access beyond end of device
[   62.223589][   T52] loop4: rw=1, sector=2621792, nr_sectors = 16 limit=32768
[pid  5827] getdents64(3,  <unfinished ...>
[pid  5830] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5827] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   62.227771][  T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   62.227771][  T113] 
[   62.241473][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   62.241473][  T112] 
[   62.251541][  T113] blkno = 5002d, nblocks = 1
[   62.263845][   T52] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   62.263845][   T52] 
[   62.265857][   T12] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   62.265857][   T12] 
[   62.275616][  T112] blkno = 5002e, nblocks = 1
[pid  5827] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5830] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5830] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[   62.285159][   T12] kworker/u8:1: attempt to access beyond end of device
[   62.285159][   T12] loop1: rw=2049, sector=2621808, nr_sectors = 8 limit=32768
[   62.291076][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   62.291076][  T112] 
[   62.314370][ T1143] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   62.314370][ T1143] 
[   62.314784][  T112] blkno = 5002f, nblocks = 1
[   62.324394][ T1143] kworker/u8:6: attempt to access beyond end of device
[   62.324394][ T1143] loop4: rw=2049, sector=2621808, nr_sectors = 8 limit=32768
[pid  5827] newfstatat(AT_FDCWD, "./0/binderfs",  <unfinished ...>
[pid  5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5827] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5830] unlink("./0/binderfs" <unfinished ...>
[pid  5827] unlink("./0/binderfs" <unfinished ...>
[pid  5830] <... unlink resumed>)       = 0
[pid  5827] <... unlink resumed>)       = 0
[   62.329949][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   62.329949][  T112] 
[   62.344013][   T12] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   62.344013][   T12] 
[   62.354153][  T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   62.354153][  T113] 
[   62.363261][ T1143] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   62.363261][ T1143] 
[   62.374612][  T112] blkno = 5002c, nblocks = 1
[pid  5829] <... umount2 resumed>)      = 0
[pid  5830] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5829] getdents64(4, 0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5829] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5829] close(4)                    = 0
[pid  5829] rmdir("./0/bus")            = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5829] close(3)                    = 0
[pid  5829] rmdir("./0")                = 0
[pid  5829] mkdir("./1", 0777)          = 0
[pid  5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3
[pid  5829] ioctl(3, LOOP_CLR_FD)       = 0
[   62.383951][   T12] kworker/u8:1: attempt to access beyond end of device
[   62.383951][   T12] loop1: rw=2049, sector=2621816, nr_sectors = 8 limit=32768
[   62.401781][ T1143] kworker/u8:6: attempt to access beyond end of device
[   62.401781][ T1143] loop4: rw=2049, sector=2621816, nr_sectors = 8 limit=32768
[   62.417596][   T12] Buffer I/O error on dev loop1, logical block 327727, lost async page write
[   62.424275][  T112] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   62.424275][  T112] 
[   62.446651][ T1143] Buffer I/O error on dev loop4, logical block 327727, lost async page write
[   62.448101][  T113] blkno = 5002e, nblocks = 1
[   62.455917][ T3468] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   62.455917][ T3468] 
[   62.471639][   T52] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   62.471639][   T52] 
[   62.476979][  T112] blkno = 5002d, nblocks = 1
[   62.481349][ T3468] ERROR: (device loop0): remounting filesystem as read-only
[   62.486101][  T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   62.486101][  T113] 
[   62.493499][ T3468] kworker/u8:7: attempt to access beyond end of device
[   62.493499][ T3468] loop0: rw=1, sector=2621792, nr_sectors = 16 limit=32768
[   62.506750][  T112] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   62.506750][  T112] 
[   62.517485][   T52] ERROR: (device loop3): remounting filesystem as read-only
[   62.517596][   T52] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   62.517596][   T52] 
[   62.555609][ T3468] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   62.555609][ T3468] 
[   62.556834][  T113] blkno = 5002f, nblocks = 1
[   62.570667][  T112] blkno = 5002e, nblocks = 1
[   62.575433][  T112] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   62.575433][  T112] 
[   62.577956][   T52] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   62.577956][   T52] 
[   62.595272][  T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   62.595272][  T113] 
[   62.596136][ T3468] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   62.596136][ T3468] 
[   62.615799][   T52] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   62.615799][   T52] 
[   62.616961][  T112] blkno = 5002f, nblocks = 1
[   62.626246][ T3468] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   62.626246][ T3468] 
[   62.630637][  T113] blkno = 5002c, nblocks = 1
[   62.640385][   T52] Buffer I/O error on dev loop3, logical block 327727, lost async page write
[pid  5829] close(3)                    = 0
[pid  5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD <unfinished ...>
[pid  5831] <... umount2 resumed>)      = 0
[pid  5829] <... clone resumed>, child_tidptr=0x555563b56650) = 5840
./strace-static-x86_64: Process 5840 attached
[pid  5828] <... umount2 resumed>)      = 0
[   62.653769][ T3468] Buffer I/O error on dev loop0, logical block 327727, lost async page write
[   62.662894][  T112] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   62.662894][  T112] 
[   62.664245][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   62.664245][  T113] 
[   62.683448][  T113] blkno = 5002d, nblocks = 1
[   62.685065][  T112] blkno = 5002c, nblocks = 1
[   62.691882][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   62.691882][  T113] 
[pid  5828] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5828] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5828] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5828] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5828] newfstatat(4, "",  <unfinished ...>
[pid  5840] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5840] <... set_robust_list resumed>) = 0
[pid  5828] getdents64(4,  <unfinished ...>
[pid  5840] chdir("./1" <unfinished ...>
[pid  5831] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5840] <... chdir resumed>)        = 0
[pid  5828] getdents64(4,  <unfinished ...>
[pid  5840] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5828] <... getdents64 resumed>0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5840] <... prctl resumed>)        = 0
[pid  5828] close(4 <unfinished ...>
[pid  5840] setpgid(0, 0 <unfinished ...>
[pid  5828] <... close resumed>)        = 0
[pid  5840] <... setpgid resumed>)      = 0
[pid  5828] rmdir("./0/bus" <unfinished ...>
[pid  5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5828] <... rmdir resumed>)        = 0
[pid  5840] <... openat resumed>)       = 3
[pid  5828] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5828] close(3 <unfinished ...>
[pid  5840] write(3, "1000", 4 <unfinished ...>
[pid  5828] <... close resumed>)        = 0
[pid  5840] <... write resumed>)        = 4
[pid  5828] rmdir("./0" <unfinished ...>
[pid  5840] close(3 <unfinished ...>
[pid  5828] <... rmdir resumed>)        = 0
[pid  5840] <... close resumed>)        = 0
[pid  5828] mkdir("./1", 0777 <unfinished ...>
[pid  5840] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5828] <... mkdir resumed>)        = 0
executing program
[pid  5840] <... symlink resumed>)      = 0
[pid  5840] write(1, "executing program\n", 18 <unfinished ...>
[pid  5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5840] <... write resumed>)        = 18
[pid  5828] <... openat resumed>)       = 3
[pid  5840] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5828] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5831] newfstatat(AT_FDCWD, "./0/bus",  <unfinished ...>
[pid  5828] <... ioctl resumed>)        = 0
[pid  5840] <... memfd_create resumed>) = 3
[pid  5828] close(3 <unfinished ...>
[pid  5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5831] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5831] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5831] <... openat resumed>)       = 4
[   62.705692][  T113] blkno = 5002e, nblocks = 1
[   62.711380][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   62.711380][  T113] 
[   62.722140][  T113] blkno = 5002f, nblocks = 1
[   62.727140][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   62.727140][  T112] 
[pid  5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5831] getdents64(4, 0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5831] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[   62.750977][  T113] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   62.750977][  T113] 
[   62.761358][  T112] blkno = 5002d, nblocks = 1
[   62.765973][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   62.765973][  T112] 
[   62.791671][  T112] blkno = 5002e, nblocks = 1
[pid  5831] close(4)                    = 0
[pid  5831] rmdir("./0/bus")            = 0
[pid  5831] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5831] close(3)                    = 0
[pid  5831] rmdir("./0")                = 0
[pid  5831] mkdir("./1", 0777)          = 0
[pid  5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3
[pid  5831] ioctl(3, LOOP_CLR_FD)       = 0
[   62.806757][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   62.806757][  T112] 
[   62.837218][  T112] blkno = 5002f, nblocks = 1
[   62.841849][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   62.841849][  T112] 
[pid  5831] close(3 <unfinished ...>
[pid  5827] <... umount2 resumed>)      = 0
[pid  5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5827] getdents64(4, 0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5827] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5827] close(4)                    = 0
[pid  5827] rmdir("./0/bus")            = 0
[pid  5827] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5827] close(3)                    = 0
[pid  5827] rmdir("./0")                = 0
[pid  5827] mkdir("./1", 0777)          = 0
[pid  5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5827] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5827] close(3 <unfinished ...>
[pid  5828] <... close resumed>)        = 0
[pid  5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5841 attached
, child_tidptr=0x555563b56650) = 5841
executing program
[pid  5841] set_robust_list(0x555563b56660, 24) = 0
[pid  5841] chdir("./1")                = 0
[pid  5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5841] setpgid(0, 0)               = 0
[pid  5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5841] write(3, "1000", 4)         = 4
[pid  5841] close(3)                    = 0
[pid  5841] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5841] write(1, "executing program\n", 18) = 18
[pid  5841] memfd_create("syzkaller", 0) = 3
[pid  5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5831] <... close resumed>)        = 0
[pid  5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached
, child_tidptr=0x555563b56650) = 5842
[pid  5842] set_robust_list(0x555563b56660, 24) = 0
[pid  5842] chdir("./1")                = 0
[pid  5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5842] setpgid(0, 0)               = 0
[pid  5830] <... umount2 resumed>)      = 0
[pid  5830] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5830] newfstatat(AT_FDCWD, "./0/bus",  <unfinished ...>
[pid  5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5830] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5830] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5842] <... openat resumed>)       = 3
[pid  5830] <... openat resumed>)       = 4
[pid  5830] newfstatat(4, "",  <unfinished ...>
[pid  5842] write(3, "1000", 4 <unfinished ...>
[pid  5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5842] <... write resumed>)        = 4
[pid  5830] getdents64(4,  <unfinished ...>
[pid  5842] close(3 <unfinished ...>
[pid  5830] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5842] <... close resumed>)        = 0
[pid  5830] getdents64(4,  <unfinished ...>
[pid  5842] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5830] <... getdents64 resumed>0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5842] <... symlink resumed>)      = 0
[pid  5830] close(4executing program
)                    = 0
[pid  5842] write(1, "executing program\n", 18 <unfinished ...>
[pid  5830] rmdir("./0/bus" <unfinished ...>
[pid  5842] <... write resumed>)        = 18
[pid  5842] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5830] <... rmdir resumed>)        = 0
[pid  5830] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5842] <... memfd_create resumed>) = 3
[pid  5830] close(3 <unfinished ...>
[pid  5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5830] <... close resumed>)        = 0
[pid  5842] <... mmap resumed>)         = 0x7f1b27200000
[pid  5830] rmdir("./0")                = 0
[pid  5830] mkdir("./1", 0777)          = 0
[pid  5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid  5830] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5830] close(3 <unfinished ...>
[pid  5827] <... close resumed>)        = 0
[pid  5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555563b56650) = 5843
./strace-static-x86_64: Process 5843 attached
[pid  5843] set_robust_list(0x555563b56660, 24) = 0
[pid  5843] chdir("./1")                = 0
[pid  5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5843] setpgid(0, 0)               = 0
[pid  5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5843] write(3, "1000", 4)         = 4
[pid  5843] close(3)                    = 0
[pid  5843] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5843] write(1, "executing program\n", 18executing program
) = 18
[pid  5843] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5843] <... memfd_create resumed>) = 3
[pid  5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5830] <... close resumed>)        = 0
[pid  5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555563b56650) = 5844
./strace-static-x86_64: Process 5844 attached
[pid  5844] set_robust_list(0x555563b56660, 24) = 0
[pid  5844] chdir("./1")                = 0
[pid  5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5844] setpgid(0, 0)               = 0
[pid  5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5844] write(3, "1000", 4)         = 4
[pid  5844] close(3)                    = 0
[pid  5844] symlink("/dev/binderfs", "./binderfs"executing program
) = 0
[pid  5844] write(1, "executing program\n", 18) = 18
[pid  5844] memfd_create("syzkaller", 0) = 3
[pid  5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5840] <... write resumed>)        = 16777216
[pid  5840] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5840] <... munmap resumed>)       = 0
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4
[pid  5840] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5840] close(3)                    = 0
[pid  5840] close(4)                    = 0
[pid  5840] mkdir("./bus", 0777)        = 0
[   63.478298][ T5840] loop2: detected capacity change from 0 to 32768
[pid  5840] mount("/dev/loop2", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[pid  5840] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5840] chdir("./bus")              = 0
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5840] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5840] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5840] ftruncate(4, 49530)         = 0
[pid  5840] memfd_create("syzkaller", 0) = 5
[pid  5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5841] <... write resumed>)        = 16777216
[pid  5841] munmap(0x7f1b27200000, 138412032) = 0
[pid  5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4
[pid  5841] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5841] close(3)                    = 0
[pid  5841] close(4)                    = 0
[pid  5841] mkdir("./bus", 0777)        = 0
[pid  5841] mount("/dev/loop1", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[pid  5841] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5842] <... write resumed>)        = 16777216
[pid  5841] chdir("./bus" <unfinished ...>
[pid  5842] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5841] <... chdir resumed>)        = 0
[pid  5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5841] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5841] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5841] ftruncate(4, 49530)         = 0
[   63.791019][ T5841] loop1: detected capacity change from 0 to 32768
[pid  5842] <... munmap resumed>)       = 0
[pid  5843] <... write resumed>)        = 16777216
[pid  5841] memfd_create("syzkaller", 0) = 5
[pid  5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5843] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5842] <... openat resumed>)       = 4
[pid  5842] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5841] <... mmap resumed>)         = 0x7f1b27200000
[pid  5842] <... ioctl resumed>)        = 0
[pid  5842] close(3)                    = 0
[pid  5842] close(4)                    = 0
[pid  5842] mkdir("./bus", 0777)        = 0
[pid  5843] <... munmap resumed>)       = 0
[pid  5842] mount("/dev/loop4", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   63.866959][ T5842] loop4: detected capacity change from 0 to 32768
[pid  5843] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[pid  5842] <... mount resumed>)        = 0
[pid  5842] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5842] chdir("./bus")              = 0
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5842] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5842] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5842] ftruncate(4, 49530)         = 0
[pid  5842] memfd_create("syzkaller", 0) = 5
[pid  5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5843] <... ioctl resumed>)        = 0
[pid  5843] close(3)                    = 0
[pid  5843] close(4)                    = 0
[pid  5843] mkdir("./bus", 0777)        = 0
[   63.913445][ T5843] loop0: detected capacity change from 0 to 32768
[pid  5843] mount("/dev/loop0", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5840] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5843] <... mount resumed>)        = 0
[pid  5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5843] chdir("./bus")              = 0
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5843] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5843] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5843] ftruncate(4, 49530)         = 0
[pid  5843] memfd_create("syzkaller", 0) = 5
[pid  5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5844] <... write resumed>)        = 16777216
[pid  5844] munmap(0x7f1b27200000, 138412032) = 0
[pid  5844] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4
[pid  5844] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5844] close(3)                    = 0
[pid  5844] close(4)                    = 0
[pid  5844] mkdir("./bus", 0777)        = 0
[   64.109262][ T5844] loop3: detected capacity change from 0 to 32768
[pid  5844] mount("/dev/loop3", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[pid  5844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5844] chdir("./bus")              = 0
[pid  5844] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5844] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5844] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5844] ftruncate(4, 49530 <unfinished ...>
[pid  5841] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5844] <... ftruncate resumed>)    = 0
[pid  5844] memfd_create("syzkaller", 0) = 5
[pid  5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5842] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5840] <... write resumed>)        = 16777216
[pid  5840] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5843] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5840] <... munmap resumed>)       = 0
[pid  5840] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5840] close(5)                    = 0
[pid  5840] exit_group(0)               = ?
[pid  5840] +++ exited with 0 +++
[pid  5844] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5841] <... write resumed>)        = 16777216
[pid  5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=48 /* 0.48 s */} ---
[pid  5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5841] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5842] <... write resumed>)        = 16777216
[pid  5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5842] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5829] unlink("./1/binderfs")      = 0
[pid  5842] <... munmap resumed>)       = 0
[pid  5841] <... munmap resumed>)       = 0
[pid  5829] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5841] close(5 <unfinished ...>
[pid  5842] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy)
[   64.626633][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   64.626633][ T3468] 
[   64.658640][ T3468] ERROR: (device loop2): remounting filesystem as read-only
[   64.666064][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   64.666064][ T3468] 
[pid  5842] close(5 <unfinished ...>
[pid  5843] <... write resumed>)        = 16777216
[   64.697865][  T113] blkno = 5002c, nblocks = 1
[   64.702540][  T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   64.702540][  T113] 
[   64.714456][   T52] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   64.714456][   T52] 
[   64.733593][   T52] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   64.733593][   T52] 
[pid  5843] munmap(0x7f1b27200000, 138412032) = 0
[   64.744510][  T113] blkno = 5002d, nblocks = 1
[   64.755533][  T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   64.755533][  T113] 
[   64.767533][   T52] Buffer I/O error on dev loop2, logical block 327727, lost async page write
[   64.788675][  T112] blkno = 5002e, nblocks = 1
[pid  5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5841] <... close resumed>)        = 0
[pid  5843] close(5 <unfinished ...>
[pid  5842] <... close resumed>)        = 0
[pid  5841] exit_group(0)               = ?
[pid  5841] +++ exited with 0 +++
[pid  5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5841, si_uid=0, si_status=0, si_utime=19 /* 0.19 s */, si_stime=42 /* 0.42 s */} ---
[pid  5828] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5842] exit_group(0 <unfinished ...>
[pid  5828] <... restart_syscall resumed>) = 0
[pid  5842] <... exit_group resumed>)   = ?
[pid  5828] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5828] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5828] newfstatat(3, "",  <unfinished ...>
[pid  5842] +++ exited with 0 +++
[pid  5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=41 /* 0.41 s */} ---
[pid  5829] <... umount2 resumed>)      = 0
[pid  5828] getdents64(3,  <unfinished ...>
[pid  5831] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5829] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5829] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5828] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] newfstatat(AT_FDCWD, "./1/bus",  <unfinished ...>
[pid  5828] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] <... restart_syscall resumed>) = 0
[pid  5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5828] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5829] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5828] unlink("./1/binderfs" <unfinished ...>
[pid  5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5828] <... unlink resumed>)       = 0
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5829] <... openat resumed>)       = 4
[pid  5828] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5829] newfstatat(4, "",  <unfinished ...>
[pid  5831] <... openat resumed>)       = 3
[   64.793300][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   64.793300][  T112] 
[   64.805183][  T112] blkno = 5002f, nblocks = 1
[   64.815874][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   64.815874][  T112] 
[pid  5831] newfstatat(3, "",  <unfinished ...>
[pid  5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5831] getdents64(3,  <unfinished ...>
[pid  5829] getdents64(4,  <unfinished ...>
[pid  5831] <... getdents64 resumed>0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] newfstatat(AT_FDCWD, "./1/binderfs",  <unfinished ...>
[pid  5829] getdents64(4,  <unfinished ...>
[pid  5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] <... getdents64 resumed>0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5831] unlink("./1/binderfs" <unfinished ...>
[pid  5829] close(4 <unfinished ...>
[pid  5831] <... unlink resumed>)       = 0
[pid  5829] <... close resumed>)        = 0
[pid  5831] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5829] rmdir("./1/bus")            = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5829] close(3)                    = 0
[pid  5829] rmdir("./1")                = 0
[pid  5829] mkdir("./2", 0777)          = 0
[pid  5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3
[pid  5829] ioctl(3, LOOP_CLR_FD)       = 0
[   64.864422][   T52] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   64.864422][   T52] 
[   64.885259][ T3468] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   64.885259][ T3468] 
[   64.887077][   T52] ERROR: (device loop1): remounting filesystem as read-only
[pid  5829] close(3 <unfinished ...>
[pid  5843] <... close resumed>)        = 0
[   64.918352][ T3468] ERROR: (device loop4): remounting filesystem as read-only
[   64.932987][ T3468] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   64.932987][ T3468] 
[   64.954338][   T52] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   64.954338][   T52] 
[pid  5843] exit_group(0 <unfinished ...>
[pid  5844] <... write resumed>)        = 16777216
[pid  5843] <... exit_group resumed>)   = ?
[pid  5843] +++ exited with 0 +++
[pid  5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=18 /* 0.18 s */, si_stime=49 /* 0.49 s */} ---
[   64.957390][ T3468] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   64.957390][ T3468] 
[   64.973974][  T113] blkno = 5002c, nblocks = 1
[   64.979150][   T64] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   64.979150][   T64] 
[   64.989078][  T112] blkno = 5002c, nblocks = 1
[   64.993691][  T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   64.993691][  T112] 
[   65.003930][  T113] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   65.003930][  T113] 
[pid  5844] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5827] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5827] getdents64(3, 0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5827] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5844] <... munmap resumed>)       = 0
[pid  5827] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5827] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5827] unlink("./1/binderfs")      = 0
[   65.014962][   T64] ERROR: (device loop1): dbAlloc: the hint is outside the map
[   65.014962][   T64] 
[   65.025087][  T113] blkno = 5002d, nblocks = 1
[   65.030348][  T112] blkno = 5002d, nblocks = 1
[   65.035472][  T113] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   65.035472][  T113] 
[   65.046439][   T64] Buffer I/O error on dev loop1, logical block 327727, lost async page write
[   65.047283][   T52] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   65.047283][   T52] 
[pid  5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5844] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy)
[   65.055366][  T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   65.055366][  T112] 
[   65.075119][ T3468] ERROR: (device loop4): dbAlloc: the hint is outside the map
[   65.075119][ T3468] 
[   65.086795][ T3468] Buffer I/O error on dev loop4, logical block 327727, lost async page write
[   65.096253][  T113] blkno = 5002e, nblocks = 1
[   65.100981][  T113] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   65.100981][  T113] 
[   65.111132][  T112] blkno = 5002e, nblocks = 1
[pid  5844] close(5 <unfinished ...>
[pid  5829] <... close resumed>)        = 0
[pid  5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555563b56650) = 5845
./strace-static-x86_64: Process 5845 attached
[pid  5845] set_robust_list(0x555563b56660, 24) = 0
[pid  5845] chdir("./2")                = 0
[pid  5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5845] setpgid(0, 0)               = 0
[pid  5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5845] write(3, "1000", 4)         = 4
[pid  5845] close(3)                    = 0
[pid  5845] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5845] write(1, "executing program\n", 18) = 18
[pid  5845] memfd_create("syzkaller", 0) = 3
[pid  5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[   65.115737][  T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   65.115737][  T112] 
[   65.125946][  T113] blkno = 5002f, nblocks = 1
[   65.130641][  T113] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   65.130641][  T113] 
[   65.140741][  T112] blkno = 5002f, nblocks = 1
[   65.146771][  T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   65.146771][  T112] 
[   65.157685][   T52] ERROR: (device loop0): remounting filesystem as read-only
[pid  5831] <... umount2 resumed>)      = 0
[pid  5831] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5828] <... umount2 resumed>)      = 0
[pid  5831] newfstatat(AT_FDCWD, "./1/bus",  <unfinished ...>
[pid  5828] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5828] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[   65.165566][   T52] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   65.165566][   T52] 
[   65.187565][  T112] blkno = 5002c, nblocks = 1
[   65.187970][   T35] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   65.187970][   T35] 
[   65.192165][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   65.192165][  T112] 
[   65.212119][   T35] ERROR: (device loop0): dbAlloc: the hint is outside the map
[pid  5831] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] newfstatat(AT_FDCWD, "./1/bus",  <unfinished ...>
[pid  5831] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5831] <... openat resumed>)       = 4
[pid  5828] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5831] newfstatat(4, "",  <unfinished ...>
[pid  5828] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5828] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5831] getdents64(4,  <unfinished ...>
[pid  5828] <... openat resumed>)       = 4
[pid  5831] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5828] newfstatat(4, "",  <unfinished ...>
[pid  5831] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5831] close(4 <unfinished ...>
[pid  5828] getdents64(4,  <unfinished ...>
[pid  5831] <... close resumed>)        = 0
[pid  5828] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5831] rmdir("./1/bus" <unfinished ...>
[pid  5828] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5844] <... close resumed>)        = 0
[pid  5831] <... rmdir resumed>)        = 0
[pid  5828] close(4 <unfinished ...>
[pid  5831] getdents64(3,  <unfinished ...>
[pid  5828] <... close resumed>)        = 0
[pid  5831] <... getdents64 resumed>0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5828] rmdir("./1/bus" <unfinished ...>
[pid  5831] close(3)                    = 0
[   65.212119][   T35] 
[   65.224650][  T112] blkno = 5002d, nblocks = 1
[   65.236508][  T112] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   65.236508][  T112] 
[   65.257634][   T35] Buffer I/O error on dev loop0, logical block 327727, lost async page write
[pid  5828] <... rmdir resumed>)        = 0
[pid  5844] exit_group(0 <unfinished ...>
[pid  5831] rmdir("./1" <unfinished ...>
[pid  5828] getdents64(3,  <unfinished ...>
[pid  5844] <... exit_group resumed>)   = ?
[pid  5831] <... rmdir resumed>)        = 0
[pid  5828] <... getdents64 resumed>0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5831] mkdir("./2", 0777 <unfinished ...>
[pid  5828] close(3 <unfinished ...>
[pid  5844] +++ exited with 0 +++
[pid  5831] <... mkdir resumed>)        = 0
[pid  5828] <... close resumed>)        = 0
[pid  5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=20 /* 0.20 s */, si_stime=48 /* 0.48 s */} ---
[pid  5828] rmdir("./1" <unfinished ...>
[pid  5831] <... openat resumed>)       = 3
[pid  5830] restart_syscall(<... resuming interrupted clone ...> <unfinished ...>
[pid  5828] <... rmdir resumed>)        = 0
[pid  5831] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5828] mkdir("./2", 0777 <unfinished ...>
[pid  5831] <... ioctl resumed>)        = 0
[pid  5828] <... mkdir resumed>)        = 0
[pid  5831] close(3 <unfinished ...>
[pid  5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5830] <... restart_syscall resumed>) = 0
[pid  5828] <... openat resumed>)       = 3
[pid  5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5828] ioctl(3, LOOP_CLR_FD <unfinished ...>
[pid  5830] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5828] <... ioctl resumed>)        = 0
[   65.267907][  T113] blkno = 5002e, nblocks = 1
[   65.272528][  T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   65.272528][  T113] 
[pid  5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5828] close(3 <unfinished ...>
[pid  5830] <... openat resumed>)       = 3
[pid  5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5830] getdents64(3, 0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5830] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5830] unlink("./1/binderfs")      = 0
[   65.337194][  T113] blkno = 5002f, nblocks = 1
[   65.341898][  T113] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   65.341898][  T113] 
[   65.366797][ T3468] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   65.366797][ T3468] 
[   65.378156][ T3468] ERROR: (device loop3): remounting filesystem as read-only
[   65.385570][ T3468] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   65.385570][ T3468] 
[   65.425161][  T112] blkno = 5002c, nblocks = 1
[   65.430263][   T64] ERROR: (device loop3): dbAlloc: the hint is outside the map
[pid  5830] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[   65.430263][   T64] 
[   65.441211][  T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   65.441211][  T112] 
[   65.455077][   T64] ERROR: (device loop3): dbAlloc: the hint is outside the map
[   65.455077][   T64] 
[   65.467429][  T112] blkno = 5002d, nblocks = 1
[   65.472052][  T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   65.472052][  T112] 
[pid  5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5831] <... close resumed>)        = 0
[pid  5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555563b56650) = 5847
./strace-static-x86_64: Process 5847 attached
[pid  5847] set_robust_list(0x555563b56660, 24) = 0
[pid  5847] chdir("./2")                = 0
[pid  5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5847] setpgid(0, 0)               = 0
[   65.486959][   T64] Buffer I/O error on dev loop3, logical block 327727, lost async page write
[   65.516817][  T112] blkno = 5002e, nblocks = 1
[   65.521528][  T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   65.521528][  T112] 
[pid  5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5828] <... close resumed>)        = 0
[pid  5847] <... openat resumed>)       = 3
[pid  5847] write(3, "1000", 4)         = 4
[pid  5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555563b56650) = 5849
./strace-static-x86_64: Process 5849 attached
[pid  5849] set_robust_list(0x555563b56660, 24) = 0
[pid  5849] chdir("./2")                = 0
[pid  5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5849] setpgid(0, 0)               = 0
[pid  5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5849] write(3, "1000", 4 <unfinished ...>
[pid  5847] close(3 <unfinished ...>
[pid  5849] <... write resumed>)        = 4
[pid  5847] <... close resumed>)        = 0
[pid  5849] close(3 <unfinished ...>
executing program
executing program
[pid  5847] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5849] <... close resumed>)        = 0
[pid  5849] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5847] <... symlink resumed>)      = 0
[pid  5849] write(1, "executing program\n", 18 <unfinished ...>
[pid  5847] write(1, "executing program\n", 18 <unfinished ...>
[pid  5849] <... write resumed>)        = 18
[pid  5847] <... write resumed>)        = 18
[pid  5849] memfd_create("syzkaller", 0) = 3
[pid  5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5847] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5849] <... mmap resumed>)         = 0x7f1b27200000
[pid  5847] <... memfd_create resumed>) = 3
[pid  5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[   65.543164][  T112] blkno = 5002f, nblocks = 1
[   65.552099][  T112] ERROR: (device loop3): dbUpdatePMap: blocks are outside the map
[   65.552099][  T112] 
[pid  5827] <... umount2 resumed>)      = 0
[pid  5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5827] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5827] getdents64(4, 0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5827] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5827] close(4)                    = 0
[pid  5827] rmdir("./1/bus")            = 0
[pid  5827] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5827] close(3)                    = 0
[pid  5827] rmdir("./1")                = 0
[pid  5827] mkdir("./2", 0777)          = 0
[pid  5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5827] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5827] close(3 <unfinished ...>
[pid  5845] <... write resumed>)        = 16777216
[pid  5845] munmap(0x7f1b27200000, 138412032) = 0
[pid  5845] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4
[pid  5845] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5845] close(3)                    = 0
[pid  5845] close(4)                    = 0
[pid  5845] mkdir("./bus", 0777)        = 0
[pid  5845] mount("/dev/loop2", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[   65.759881][ T5845] loop2: detected capacity change from 0 to 32768
[pid  5845] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY <unfinished ...>
[pid  5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5845] <... openat resumed>)       = 3
[pid  5845] chdir("./bus")              = 0
[pid  5845] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5845] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5845] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5845] ftruncate(4, 49530)         = 0
[pid  5845] memfd_create("syzkaller", 0) = 5
[pid  5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5830] <... umount2 resumed>)      = 0
[pid  5827] <... close resumed>)        = 0
[pid  5830] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached
 <unfinished ...>
[pid  5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5830] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5850] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5830] newfstatat(AT_FDCWD, "./1/bus",  <unfinished ...>
[pid  5827] <... clone resumed>, child_tidptr=0x555563b56650) = 5850
[pid  5850] <... set_robust_list resumed>) = 0
[pid  5850] chdir("./2" <unfinished ...>
[pid  5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5850] <... chdir resumed>)        = 0
[pid  5850] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5830] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5850] <... prctl resumed>)        = 0
[pid  5830] <... umount2 resumed>)      = -1 EINVAL (Invalid argument)
[pid  5830] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY <unfinished ...>
[pid  5850] setpgid(0, 0)               = 0
[pid  5830] <... openat resumed>)       = 4
[pid  5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5830] newfstatat(4, "",  <unfinished ...>
[pid  5850] <... openat resumed>)       = 3
[pid  5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5850] write(3, "1000", 4 <unfinished ...>
[pid  5830] getdents64(4,  <unfinished ...>
[pid  5850] <... write resumed>)        = 4
[pid  5830] <... getdents64 resumed>0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5850] close(3)                    = 0
[pid  5850] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5850] write(1, "executing program\n", 18) = 18
[pid  5850] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5830] getdents64(4,  <unfinished ...>
[pid  5850] <... memfd_create resumed>) = 3
[pid  5830] <... getdents64 resumed>0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5830] close(4 <unfinished ...>
[pid  5850] <... mmap resumed>)         = 0x7f1b27200000
[pid  5830] <... close resumed>)        = 0
[pid  5830] rmdir("./1/bus")            = 0
[pid  5830] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5830] close(3)                    = 0
[pid  5830] rmdir("./1")                = 0
[pid  5830] mkdir("./2", 0777)          = 0
[pid  5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3
[pid  5830] ioctl(3, LOOP_CLR_FD)       = 0
[pid  5830] close(3 <unfinished ...>
[pid  5849] <... write resumed>)        = 16777216
[pid  5849] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5845] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5849] <... munmap resumed>)       = 0
[pid  5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR <unfinished ...>
[pid  5847] <... write resumed>)        = 16777216
[pid  5847] munmap(0x7f1b27200000, 138412032 <unfinished ...>
[pid  5849] <... openat resumed>)       = 4
[pid  5849] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5830] <... close resumed>)        = 0
[pid  5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached
 <unfinished ...>
[pid  5849] close(3 <unfinished ...>
[pid  5847] <... munmap resumed>)       = 0
[pid  5849] <... close resumed>)        = 0
[pid  5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR <unfinished ...>
[pid  5849] close(4)                    = 0
[pid  5847] <... openat resumed>)       = 4
[pid  5830] <... clone resumed>, child_tidptr=0x555563b56650) = 5851
[pid  5849] mkdir("./bus", 0777)        = 0
[pid  5849] mount("/dev/loop1", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "") = 0
[pid  5849] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5849] chdir("./bus")              = 0
[pid  5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5849] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 <unfinished ...>
[pid  5851] set_robust_list(0x555563b56660, 24 <unfinished ...>
[pid  5849] <... openat resumed>)       = 4
[pid  5847] ioctl(4, LOOP_SET_FD, 3 <unfinished ...>
[   66.228949][ T5849] loop1: detected capacity change from 0 to 32768
[pid  5849] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5849] ftruncate(4, 49530)         = 0
[pid  5849] memfd_create("syzkaller", 0) = 5
[pid  5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5851] <... set_robust_list resumed>) = 0
[pid  5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5851] chdir("./2")                = 0
[pid  5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5851] setpgid(0, 0)               = 0
[pid  5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1000", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5847] <... ioctl resumed>)        = 0
[pid  5851] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5847] close(3 <unfinished ...>
[pid  5851] <... symlink resumed>)      = 0
[pid  5847] <... close resumed>)        = 0
[pid  5851] write(1, "executing program\n", 18executing program
 <unfinished ...>
[pid  5847] close(4 <unfinished ...>
[pid  5851] <... write resumed>)        = 18
[pid  5847] <... close resumed>)        = 0
[pid  5851] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5847] mkdir("./bus", 0777)        = 0
[pid  5851] <... memfd_create resumed>) = 3
[pid  5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  5847] mount("/dev/loop4", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5851] <... mmap resumed>)         = 0x7f1b27200000
[   66.269344][ T5847] loop4: detected capacity change from 0 to 32768
[pid  5847] <... mount resumed>)        = 0
[pid  5847] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5847] chdir("./bus")              = 0
[pid  5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5847] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid  5847] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5847] ftruncate(4, 49530)         = 0
[pid  5847] memfd_create("syzkaller", 0) = 5
[pid  5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[pid  5845] <... write resumed>)        = 16777216
[pid  5845] munmap(0x7f1b27200000, 138412032) = 0
[pid  5845] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5845] close(5 <unfinished ...>
[pid  5849] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5850] <... write resumed>)        = 16777216
[pid  5850] munmap(0x7f1b27200000, 138412032) = 0
[pid  5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5850] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5850] close(3)                    = 0
[pid  5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 <unfinished ...>
[pid  5847] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5850] close(4)                    = 0
[pid  5850] mkdir("./bus", 0777)        = 0
[pid  5845] <... close resumed>)        = 0
[   66.690708][ T5850] loop0: detected capacity change from 0 to 32768
[pid  5845] exit_group(0)               = ?
[pid  5845] +++ exited with 0 +++
[pid  5850] mount("/dev/loop0", "./bus", "jfs", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME|MS_POSIXACL|MS_LAZYTIME, "" <unfinished ...>
[pid  5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=50 /* 0.50 s */} ---
[pid  5829] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 4 entries */, 32768) = 104
[pid  5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] unlink("./2/binderfs")      = 0
[pid  5829] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW <unfinished ...>
[pid  5850] <... mount resumed>)        = 0
[pid  5850] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid  5850] chdir("./bus")              = 0
[pid  5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5850] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[   66.776536][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   66.776536][ T3468] 
[pid  5850] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000
[pid  5850] ftruncate(4, 49530)         = 0
[pid  5850] memfd_create("syzkaller", 0) = 5
[pid  5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1b27200000
[   66.817585][ T3468] ERROR: (device loop2): remounting filesystem as read-only
[   66.837237][ T3468] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   66.837237][ T3468] 
[   66.867985][  T113] blkno = 5002c, nblocks = 1
[   66.872619][  T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   66.872619][  T113] 
[   66.883723][   T52] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   66.883723][   T52] 
[   66.903876][   T52] ERROR: (device loop2): dbAlloc: the hint is outside the map
[   66.903876][   T52] 
[   66.914220][  T113] blkno = 5002d, nblocks = 1
[   66.919266][  T113] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   66.919266][  T113] 
[   66.941258][  T112] blkno = 5002e, nblocks = 1
[   66.945885][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   66.945885][  T112] 
[   66.966601][  T112] blkno = 5002f, nblocks = 1
[   66.971806][  T112] ERROR: (device loop2): dbUpdatePMap: blocks are outside the map
[   66.971806][  T112] 
[   66.998588][  T112] ==================================================================
[   67.006676][  T112] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x7e0/0xb80
[   67.014342][  T112] Read of size 4 at addr ffff88801cad5c94 by task jfsCommit/112
[   67.021983][  T112] 
[   67.024335][  T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.12.0-rc5-syzkaller-00181-g6c52d4da1c74 #0
[   67.034846][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   67.044922][  T112] Call Trace:
[   67.048208][  T112]  <TASK>
[   67.051145][  T112]  dump_stack_lvl+0x241/0x360
[   67.055849][  T112]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.061059][  T112]  ? __pfx__printk+0x10/0x10
[   67.065663][  T112]  ? _printk+0xd5/0x120
[   67.069834][  T112]  ? __virt_addr_valid+0x183/0x530
[   67.074958][  T112]  ? __virt_addr_valid+0x183/0x530
[   67.080080][  T112]  print_report+0x169/0x550
[   67.084601][  T112]  ? __virt_addr_valid+0x183/0x530
[   67.089720][  T112]  ? __virt_addr_valid+0x183/0x530
[   67.094843][  T112]  ? __virt_addr_valid+0x45f/0x530
[   67.099965][  T112]  ? __phys_addr+0xba/0x170
[   67.104474][  T112]  ? jfs_lazycommit+0x7e0/0xb80
[   67.109335][  T112]  kasan_report+0x143/0x180
[   67.113849][  T112]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   67.119322][  T112]  ? jfs_lazycommit+0x7e0/0xb80
[   67.124187][  T112]  jfs_lazycommit+0x7e0/0xb80
[   67.128875][  T112]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   67.134781][  T112]  ? lockdep_hardirqs_on+0x99/0x150
[   67.139997][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.145205][  T112]  ? __pfx_default_wake_function+0x10/0x10
[   67.151021][  T112]  ? __kthread_parkme+0x169/0x1d0
[   67.156060][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.161269][  T112]  kthread+0x2f0/0x390
[   67.165348][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.170553][  T112]  ? __pfx_kthread+0x10/0x10
[   67.175147][  T112]  ret_from_fork+0x4b/0x80
[   67.179577][  T112]  ? __pfx_kthread+0x10/0x10
[   67.184174][  T112]  ret_from_fork_asm+0x1a/0x30
[   67.188956][  T112]  </TASK>
[   67.191976][  T112] 
[   67.194311][  T112] Allocated by task 5845:
[   67.198638][  T112]  kasan_save_track+0x3f/0x80
[   67.203326][  T112]  __kasan_kmalloc+0x98/0xb0
[   67.207925][  T112]  __kmalloc_cache_noprof+0x19c/0x2c0
[   67.213305][  T112]  jfs_fill_super+0xff/0xc50
[pid  5849] <... write resumed>)        = 16777216
[pid  5829] <... umount2 resumed>)      = 0
[pid  5849] munmap(0x7f1b27200000, 138412032) = 0
[pid  5849] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5849] close(5 <unfinished ...>
[pid  5847] <... write resumed>)        = 16777216
[pid  5847] munmap(0x7f1b27200000, 138412032) = 0
[pid  5847] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid  5847] close(5 <unfinished ...>
[pid  5850] write(5, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216 <unfinished ...>
[pid  5849] <... close resumed>)        = 0
[pid  5829] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5829] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5829] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[pid  5829] getdents64(4, 0x555563b5f730 /* 2 entries */, 32768) = 48
[pid  5829] getdents64(4, 0x555563b5f730 /* 0 entries */, 32768) = 0
[pid  5829] close(4)                    = 0
[pid  5829] rmdir("./2/bus")            = 0
[pid  5829] getdents64(3, 0x555563b576f0 /* 0 entries */, 32768) = 0
[pid  5829] close(3)                    = 0
[pid  5829] rmdir("./2")                = 0
[pid  5829] mkdir("./3", 0777)          = 0
[pid  5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3
[pid  5829] ioctl(3, LOOP_CLR_FD)       = 0
[   67.217904][  T112]  mount_bdev+0x20a/0x2d0
[   67.222245][  T112]  legacy_get_tree+0xee/0x190
[   67.226936][  T112]  vfs_get_tree+0x90/0x2b0
[   67.231366][  T112]  do_new_mount+0x2be/0xb40
[   67.235890][  T112]  __se_sys_mount+0x2d6/0x3c0
[   67.240584][  T112]  do_syscall_64+0xf3/0x230
[   67.245102][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.251017][  T112] 
[   67.253343][  T112] Freed by task 5829:
[   67.257328][  T112]  kasan_save_track+0x3f/0x80
[   67.262024][  T112]  kasan_save_free_info+0x40/0x50
[   67.267063][  T112]  __kasan_slab_free+0x59/0x70
[   67.271842][  T112]  kfree+0x1a0/0x440
[   67.275756][  T112]  generic_shutdown_super+0x139/0x2d0
[   67.281161][  T112]  kill_block_super+0x44/0x90
[   67.285852][  T112]  deactivate_locked_super+0xc4/0x130
[   67.291234][  T112]  cleanup_mnt+0x41f/0x4b0
[   67.295658][  T112]  task_work_run+0x24f/0x310
[   67.300255][  T112]  ptrace_notify+0x2d2/0x380
[   67.304857][  T112]  syscall_exit_work+0xc6/0x190
[   67.309722][  T112]  syscall_exit_to_user_mode+0x279/0x370
[   67.315368][  T112]  do_syscall_64+0x100/0x230
[   67.319975][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   67.325884][  T112] 
[   67.328217][  T112] The buggy address belongs to the object at ffff88801cad5c00
[   67.328217][  T112]  which belongs to the cache kmalloc-256 of size 256
[   67.342281][  T112] The buggy address is located 148 bytes inside of
[   67.342281][  T112]  freed 256-byte region [ffff88801cad5c00, ffff88801cad5d00)
[   67.356092][  T112] 
[   67.358427][  T112] The buggy address belongs to the physical page:
[   67.364868][  T112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cad4
[   67.373653][  T112] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   67.382165][  T112] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   67.389742][  T112] page_type: f5(slab)
[   67.393741][  T112] raw: 00fff00000000040 ffff88801ac41b40 ffffea0000957800 dead000000000002
[   67.402337][  T112] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   67.410934][  T112] head: 00fff00000000040 ffff88801ac41b40 ffffea0000957800 dead000000000002
[   67.419612][  T112] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000
[   67.428305][  T112] head: 00fff00000000001 ffffea000072b501 ffffffffffffffff 0000000000000000
[   67.436986][  T112] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[   67.445663][  T112] page dumped because: kasan: bad access detected
[   67.452088][  T112] page_owner tracks the page as allocated
[   67.457797][  T112] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6043747517, free_ts 0
[   67.477411][  T112]  post_alloc_hook+0x1f3/0x230
[   67.482172][  T112]  get_page_from_freelist+0x3033/0x3180
[   67.487717][  T112]  __alloc_pages_noprof+0x292/0x710
[   67.492908][  T112]  alloc_pages_mpol_noprof+0x3e8/0x680
[   67.498360][  T112]  alloc_slab_page+0x6a/0x120
[   67.503030][  T112]  allocate_slab+0x5a/0x2f0
[   67.507533][  T112]  ___slab_alloc+0xcd1/0x14b0
[   67.512214][  T112]  __slab_alloc+0x58/0xa0
[   67.516543][  T112]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   67.521909][  T112]  bus_add_driver+0x163/0x670
[   67.526585][  T112]  driver_register+0x23a/0x320
[   67.531347][  T112]  do_one_initcall+0x248/0x880
[   67.536120][  T112]  do_initcall_level+0x157/0x210
[   67.541058][  T112]  do_initcalls+0x3f/0x80
[   67.545383][  T112]  kernel_init_freeable+0x435/0x5d0
[   67.550580][  T112]  kernel_init+0x1d/0x2b0
[   67.554908][  T112] page_owner free stack trace missing
[   67.560290][  T112] 
[   67.562605][  T112] Memory state around the buggy address:
[   67.568225][  T112]  ffff88801cad5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.576274][  T112]  ffff88801cad5c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.584328][  T112] >ffff88801cad5c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.592378][  T112]                          ^
[   67.596959][  T112]  ffff88801cad5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.605009][  T112]  ffff88801cad5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.613055][  T112] ==================================================================
[   67.621110][  T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   67.628291][  T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.12.0-rc5-syzkaller-00181-g6c52d4da1c74 #0
[   67.638778][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   67.648824][  T112] Call Trace:
[   67.652097][  T112]  <TASK>
[   67.655019][  T112]  dump_stack_lvl+0x241/0x360
[   67.659698][  T112]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.664889][  T112]  ? __pfx__printk+0x10/0x10
[   67.669469][  T112]  ? rcu_is_watching+0x15/0xb0
[   67.674224][  T112]  ? lock_release+0xbf/0xa30
[   67.678811][  T112]  ? vscnprintf+0x5d/0x90
[   67.683133][  T112]  panic+0x349/0x880
[   67.687021][  T112]  ? check_panic_on_warn+0x21/0xb0
[   67.692122][  T112]  ? __pfx_panic+0x10/0x10
[   67.696526][  T112]  ? do_raw_spin_unlock+0x13c/0x8b0
[   67.701729][  T112]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   67.707617][  T112]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.713939][  T112]  ? print_report+0x502/0x550
[   67.718615][  T112]  check_panic_on_warn+0x86/0xb0
[   67.723546][  T112]  ? jfs_lazycommit+0x7e0/0xb80
[   67.728390][  T112]  end_report+0x77/0x160
[   67.732628][  T112]  kasan_report+0x154/0x180
[   67.737126][  T112]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   67.742580][  T112]  ? jfs_lazycommit+0x7e0/0xb80
[   67.747423][  T112]  jfs_lazycommit+0x7e0/0xb80
[   67.752091][  T112]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   67.757977][  T112]  ? lockdep_hardirqs_on+0x99/0x150
[   67.763169][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.768357][  T112]  ? __pfx_default_wake_function+0x10/0x10
[   67.774159][  T112]  ? __kthread_parkme+0x169/0x1d0
[   67.779177][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.784375][  T112]  kthread+0x2f0/0x390
[   67.788433][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[   67.793624][  T112]  ? __pfx_kthread+0x10/0x10
[   67.798203][  T112]  ret_from_fork+0x4b/0x80
[   67.802614][  T112]  ? __pfx_kthread+0x10/0x10
[   67.807192][  T112]  ret_from_fork_asm+0x1a/0x30
[   67.811953][  T112]  </TASK>
[   67.815096][  T112] Kernel Offset: disabled
[   67.819408][  T112] Rebooting in 86400 seconds..