./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2616212465 <...> [ 3.785348][ T99] udevd[99]: starting version 3.2.11 [ 3.814043][ T100] udevd[100]: starting eudev-3.2.11 [ 3.816624][ T99] udevd (99) used greatest stack depth: 22288 bytes left [ 7.465973][ T107] udevd (107) used greatest stack depth: 21552 bytes left [ 15.428290][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 15.428302][ T30] audit: type=1400 audit(1684919440.264:61): avc: denied { transition } for pid=241 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.434383][ T30] audit: type=1400 audit(1684919440.274:62): avc: denied { noatsecure } for pid=241 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.439677][ T30] audit: type=1400 audit(1684919440.274:63): avc: denied { write } for pid=241 comm="sh" path="pipe:[267]" dev="pipefs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.446544][ T30] audit: type=1400 audit(1684919440.274:64): avc: denied { rlimitinh } for pid=241 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.461103][ T30] audit: type=1400 audit(1684919440.274:65): avc: denied { siginh } for pid=241 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts. execve("./syz-executor2616212465", ["./syz-executor2616212465"], 0x7ffe792054c0 /* 10 vars */) = 0 brk(NULL) = 0x55555589e000 brk(0x55555589ec40) = 0x55555589ec40 arch_prctl(ARCH_SET_FS, 0x55555589e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555589e5d0) = 297 set_robust_list(0x55555589e5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3c0cb4a520, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3c0cb4abf0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3c0cb4a5c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3c0cb4abf0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2616212465", 4096) = 28 brk(0x5555558bfc40) = 0x5555558bfc40 brk(0x5555558c0000) = 0x5555558c0000 mprotect(0x7f3c0cc0c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 298 ./strace-static-x86_64: Process 298 attached [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] set_robust_list(0x55555589e5e0, 24./strace-static-x86_64: Process 299 attached [pid 297] <... clone resumed>, child_tidptr=0x55555589e5d0) = 299 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] set_robust_list(0x55555589e5e0, 24 [pid 298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 297] <... clone resumed>, child_tidptr=0x55555589e5d0) = 300 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] set_robust_list(0x55555589e5e0, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] getpid(./strace-static-x86_64: Process 301 attached [pid 299] getpid( [pid 298] <... getpid resumed>) = 298 [pid 297] <... clone resumed>, child_tidptr=0x55555589e5d0) = 301 [pid 298] mkdir("./syzkaller.iUXvEJ", 0700 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] set_robust_list(0x55555589e5e0, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... getpid resumed>) = 299 [pid 298] <... mkdir resumed>) = 0 [pid 298] chmod("./syzkaller.iUXvEJ", 0777) = 0 [pid 298] chdir("./syzkaller.iUXvEJ") = 0 [pid 298] mkdir("./0", 0777 [pid 297] <... clone resumed>, child_tidptr=0x55555589e5d0) = 302 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 302 attached [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... set_robust_list resumed>) = 0 [pid 300] getpid( [pid 299] mkdir("./syzkaller.RmIcRO", 0700 [pid 298] <... openat resumed>) = 3 [pid 302] set_robust_list(0x55555589e5e0, 24 [pid 301] getpid( [pid 300] <... getpid resumed>) = 300 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x55555589e5d0) = 303 [pid 302] <... set_robust_list resumed>) = 0 [pid 301] <... getpid resumed>) = 301 [pid 300] mkdir("./syzkaller.HeKiwU", 0700 [pid 298] ioctl(3, LOOP_CLR_FD [pid 302] getpid( [pid 301] mkdir("./syzkaller.xspvsY", 0700 [pid 300] <... mkdir resumed>) = 0 [pid 299] chmod("./syzkaller.RmIcRO", 0777 [pid 302] <... getpid resumed>) = 302 [pid 301] <... mkdir resumed>) = 0 [pid 300] chmod("./syzkaller.HeKiwU", 0777 [pid 299] <... chmod resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 302] mkdir("./syzkaller.XlkTr1", 0700 [pid 301] chmod("./syzkaller.xspvsY", 0777 [pid 300] <... chmod resumed>) = 0 [pid 299] chdir("./syzkaller.RmIcRO" [pid 302] <... mkdir resumed>) = 0 [pid 301] <... chmod resumed>) = 0 [pid 300] chdir("./syzkaller.HeKiwU" [pid 299] <... chdir resumed>) = 0 [pid 298] close(3 [pid 302] chmod("./syzkaller.XlkTr1", 0777 [pid 301] chdir("./syzkaller.xspvsY" [pid 300] <... chdir resumed>) = 0 [pid 299] mkdir("./0", 0777 [pid 302] <... chmod resumed>) = 0 [pid 301] <... chdir resumed>) = 0 [pid 300] mkdir("./0", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 302] chdir("./syzkaller.XlkTr1" [pid 301] mkdir("./0", 0777 [pid 300] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 302] <... chdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] <... openat resumed>) = 3 [ 25.154004][ T30] audit: type=1400 audit(1684919449.994:66): avc: denied { execmem } for pid=297 comm="syz-executor261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 25.178771][ T30] audit: type=1400 audit(1684919450.014:67): avc: denied { read write } for pid=298 comm="syz-executor261" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] mkdir("./0", 0777 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 303 attached [pid 302] <... mkdir resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 303] set_robust_list(0x55555589e5e0, 24) = 0 [pid 303] getpid() = 303 [pid 303] mkdir("./syzkaller.ocl8L5", 0700) = 0 [pid 303] chmod("./syzkaller.ocl8L5", 0777) = 0 [pid 303] chdir("./syzkaller.ocl8L5") = 0 [pid 303] mkdir("./0", 0777) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 303] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 303] close(3) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 307 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555589e5e0, 24) = 0 [pid 304] chdir("./0") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] ioctl(3, LOOP_CLR_FD [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... clone resumed>, child_tidptr=0x55555589e5d0) = 304 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 302] <... openat resumed>) = 3 [pid 301] close(3 [pid 300] close(3 [pid 299] close(3./strace-static-x86_64: Process 307 attached [pid 302] ioctl(3, LOOP_CLR_FD [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 307] set_robust_list(0x55555589e5e0, 24 [pid 302] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 307] <... set_robust_list resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 302] close(3 [pid 304] <... openat resumed>) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 304] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 304] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[308], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 308 [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 308] munmap(0x7f3c04719000, 262144) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.203211][ T30] audit: type=1400 audit(1684919450.014:68): avc: denied { open } for pid=298 comm="syz-executor261" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.228319][ T30] audit: type=1400 audit(1684919450.024:69): avc: denied { ioctl } for pid=298 comm="syz-executor261" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 308] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 311 attached [pid 307] chdir("./0" [pid 302] <... close resumed>) = 0 [pid 311] set_robust_list(0x55555589e5e0, 24 [pid 307] <... chdir resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... clone resumed>, child_tidptr=0x55555589e5d0) = 311 [pid 311] <... set_robust_list resumed>) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... clone resumed>, child_tidptr=0x55555589e5d0) = 309 [pid 299] <... clone resumed>, child_tidptr=0x55555589e5d0) = 310 [pid 311] chdir("./0" [pid 307] <... prctl resumed>) = 0 [pid 311] <... chdir resumed>) = 0 [pid 307] setpgid(0, 0 [pid 302] <... clone resumed>, child_tidptr=0x55555589e5d0) = 312 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 307] <... setpgid resumed>) = 0 [pid 311] <... prctl resumed>) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] setpgid(0, 0) = 0 [pid 307] <... openat resumed>) = 3 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] write(3, "1000", 4 [pid 311] <... openat resumed>) = 3 [pid 307] <... write resumed>) = 4 [pid 311] write(3, "1000", 4 [pid 307] close(3 [pid 311] <... write resumed>) = 4 [pid 307] <... close resumed>) = 0 [pid 311] close(3 [pid 307] symlink("/dev/binderfs", "./binderfs" [pid 311] <... close resumed>) = 0 [pid 307] <... symlink resumed>) = 0 [pid 311] symlink("/dev/binderfs", "./binderfs" [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... symlink resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 307] <... mmap resumed>) = 0x7f3c0cb19000 [pid 311] <... mmap resumed>) = 0x7f3c0cb19000 [pid 307] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 311] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 307] <... mprotect resumed>) = 0 [pid 311] <... mprotect resumed>) = 0 [pid 307] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 311] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 312 attached [pid 307] <... clone resumed>, parent_tid=[315], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 315 [pid 311] <... clone resumed>, parent_tid=[316], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 316 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 312] set_robust_list(0x55555589e5e0, 24 [pid 309] set_robust_list(0x55555589e5e0, 24 [pid 312] <... set_robust_list resumed>) = 0 [pid 312] chdir("./0" [pid 309] <... set_robust_list resumed>) = 0 [pid 309] chdir("./0" [pid 312] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 310 attached [pid 309] <... chdir resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 316] memfd_create("syzkaller", 0) = 3 [pid 310] set_robust_list(0x55555589e5e0, 24 [pid 312] <... prctl resumed>) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 315 attached [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 315] set_robust_list(0x7f3c0cb399e0, 24 [pid 312] setpgid(0, 0 [pid 309] setpgid(0, 0 [pid 312] <... setpgid resumed>) = 0 [pid 309] <... setpgid resumed>) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 315] <... set_robust_list resumed>) = 0 [pid 310] chdir("./0" [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 315] memfd_create("syzkaller", 0) = 3 [pid 310] <... chdir resumed>) = 0 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 309] <... openat resumed>) = 3 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0 [pid 312] <... openat resumed>) = 3 [pid 310] <... setpgid resumed>) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] write(3, "1000", 4 [pid 309] write(3, "1000", 4 [pid 316] <... write resumed>) = 262144 [pid 312] <... write resumed>) = 4 [pid 310] <... openat resumed>) = 3 [pid 309] <... write resumed>) = 4 [pid 312] close(3 [pid 310] write(3, "1000", 4 [pid 309] close(3 [pid 316] munmap(0x7f3c04719000, 262144 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 316] <... munmap resumed>) = 0 [pid 312] <... close resumed>) = 0 [pid 310] <... write resumed>) = 4 [pid 309] <... close resumed>) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 312] symlink("/dev/binderfs", "./binderfs" [pid 310] close(3 [pid 312] <... symlink resumed>) = 0 [pid 310] <... close resumed>) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs" [pid 316] <... openat resumed>) = 4 [pid 315] <... write resumed>) = 262144 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] symlink("/dev/binderfs", "./binderfs" [pid 309] <... symlink resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 316] ioctl(4, LOOP_SET_FD, 3 [pid 315] munmap(0x7f3c04719000, 262144 [pid 312] <... futex resumed>) = 0 [pid 310] <... symlink resumed>) = 0 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] close(3 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 312] <... mmap resumed>) = 0x7f3c0cb19000 [pid 310] <... futex resumed>) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 309] <... mmap resumed>) = 0x7f3c0cb19000 [pid 312] <... mprotect resumed>) = 0 [pid 310] <... mmap resumed>) = 0x7f3c0cb19000 [pid 309] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 312] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 310] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 309] <... mprotect resumed>) = 0 [pid 310] <... mprotect resumed>) = 0 [pid 309] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 312] <... clone resumed>, parent_tid=[317], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 317 [pid 310] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... clone resumed>, parent_tid=[318], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 318 [pid 312] <... futex resumed>) = 0 [pid 310] <... clone resumed>, parent_tid=[319], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 319 [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 318] memfd_create("syzkaller", 0) = 3 [pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 315] <... munmap resumed>) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 308] <... close resumed>) = 0 [pid 315] <... openat resumed>) = 4 [pid 308] mkdir("./file0", 0777 [pid 315] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 ./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 317] memfd_create("syzkaller", 0) = 3 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 308] <... mkdir resumed>) = 0 [pid 316] <... ioctl resumed>) = 0 [pid 308] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 318] <... write resumed>) = 262144 [ 25.252553][ T308] loop0: detected capacity change from 0 to 512 [ 25.285988][ T316] loop3: detected capacity change from 0 to 512 [ 25.293690][ T315] loop5: detected capacity change from 0 to 512 [pid 318] munmap(0x7f3c04719000, 262144) = 0 [pid 318] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 318] ioctl(4, LOOP_SET_FD, 3 [pid 319] <... write resumed>) = 262144 [pid 317] <... write resumed>) = 262144 [pid 316] close(3) = 0 [pid 316] mkdir("./file0", 0777 [pid 319] munmap(0x7f3c04719000, 262144 [pid 318] <... ioctl resumed>) = 0 [pid 317] munmap(0x7f3c04719000, 262144 [pid 316] <... mkdir resumed>) = 0 [pid 315] <... ioctl resumed>) = 0 [pid 319] <... munmap resumed>) = 0 [pid 317] <... munmap resumed>) = 0 [pid 316] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 315] close(3 [pid 319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 318] close(3 [pid 317] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 319] <... openat resumed>) = 4 [pid 318] <... close resumed>) = 0 [pid 317] <... openat resumed>) = 4 [pid 315] <... close resumed>) = 0 [pid 319] ioctl(4, LOOP_SET_FD, 3 [pid 318] mkdir("./file0", 0777 [pid 317] ioctl(4, LOOP_SET_FD, 3 [pid 315] mkdir("./file0", 0777 [pid 318] <... mkdir resumed>) = 0 [pid 318] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 319] <... ioctl resumed>) = 0 [pid 315] <... mkdir resumed>) = 0 [pid 315] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 319] close(3) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 317] <... ioctl resumed>) = 0 [pid 317] close(3 [pid 319] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 317] <... close resumed>) = 0 [pid 317] mkdir("./file0", 0777) = 0 [ 25.302954][ T30] audit: type=1400 audit(1684919450.144:70): avc: denied { mounton } for pid=304 comm="syz-executor261" path="/root/syzkaller.iUXvEJ/0/file0" dev="sda1" ino=1945 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.306801][ T318] loop2: detected capacity change from 0 to 512 [ 25.338478][ T319] loop1: detected capacity change from 0 to 512 [ 25.340042][ T317] loop4: detected capacity change from 0 to 512 [ 25.353643][ T308] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.355898][ T316] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.369934][ T316] System zones: 0-2, 18-18, 34-34 [ 25.370872][ T308] System zones: 0-2, 18-18, 34-34 [ 25.376130][ T315] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.381688][ T318] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.388860][ T315] System zones: 0-2, 18-18, 34-34 [ 25.397024][ T316] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.402102][ T318] System zones: 0-2, 18-18, 34-34 [ 25.416031][ T317] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.422750][ T308] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.427933][ T317] System zones: 0-2, 18-18, 34-34 [ 25.441920][ T315] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.448043][ T317] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.461507][ T316] Quota error (device loop3): write_blk: dquota write failed [ 25.474665][ T319] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.481719][ T315] Quota error (device loop5): write_blk: dquota write failed [ 25.489734][ T308] Quota error (device loop0): write_blk: dquota write failed [ 25.496627][ T315] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 25.504430][ T318] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.527546][ T319] System zones: 0-2, 18-18, 34-34 [ 25.527883][ T317] Quota error (device loop4): write_blk: dquota write failed [ 25.541070][ T308] EXT4-fs (loop0): 1 truncate cleaned up [ 25.541421][ T315] EXT4-fs (loop5): 1 truncate cleaned up [ 25.546533][ T308] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.553314][ T318] EXT4-fs (loop2): 1 truncate cleaned up [ 25.562881][ T319] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.569134][ T317] EXT4-fs (loop4): 1 truncate cleaned up [ 25.582615][ T308] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/0/file0 supports timestamps until 2038 (0x7fffffff) [pid 317] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 308] <... mount resumed>) = 0 [ 25.588487][ T315] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.599378][ T318] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.611256][ T316] EXT4-fs (loop3): 1 truncate cleaned up [ 25.621090][ T318] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/0/file0 supports timestamps until 2038 (0x7fffffff) [ 25.627104][ T317] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 318] <... mount resumed>) = 0 [pid 308] <... openat resumed>) = 3 [pid 318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 315] <... mount resumed>) = 0 [pid 308] chdir("./file0" [pid 318] <... openat resumed>) = 3 [pid 317] <... mount resumed>) = 0 [pid 315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 308] <... chdir resumed>) = 0 [pid 318] chdir("./file0" [pid 317] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 316] <... mount resumed>) = 0 [pid 315] <... openat resumed>) = 3 [pid 308] ioctl(4, LOOP_CLR_FD [pid 318] <... chdir resumed>) = 0 [pid 317] <... openat resumed>) = 3 [pid 315] chdir("./file0" [pid 308] <... ioctl resumed>) = 0 [pid 318] ioctl(4, LOOP_CLR_FD [pid 317] chdir("./file0" [pid 315] <... chdir resumed>) = 0 [pid 308] close(4 [pid 318] <... ioctl resumed>) = 0 [pid 317] <... chdir resumed>) = 0 [pid 315] ioctl(4, LOOP_CLR_FD [pid 308] <... close resumed>) = 0 [pid 318] close(4 [pid 317] ioctl(4, LOOP_CLR_FD [pid 315] <... ioctl resumed>) = 0 [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... close resumed>) = 0 [pid 317] <... ioctl resumed>) = 0 [pid 315] close(4 [pid 308] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 0 [ 25.638306][ T315] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/0/file0 supports timestamps until 2038 (0x7fffffff) [ 25.649902][ T316] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.670917][ T317] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/0/file0 supports timestamps until 2038 (0x7fffffff) [ 25.671821][ T319] EXT4-fs (loop1): 1 truncate cleaned up [ 25.683012][ T316] ext4 filesystem being mounted at /root/syzkaller.xspvsY/0/file0 supports timestamps until 2038 (0x7fffffff) [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] close(4 [pid 315] <... close resumed>) = 0 [pid 308] fspick(AT_FDCWD, ".", 0 [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 1 [pid 317] <... close resumed>) = 0 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 308] <... fspick resumed>) = 4 [pid 304] <... futex resumed>) = 0 [pid 318] fspick(AT_FDCWD, ".", 0 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 1 [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... fspick resumed>) = 4 [pid 317] <... futex resumed>) = 1 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 318] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] fspick(AT_FDCWD, ".", 0 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] <... fspick resumed>) = 4 [pid 309] <... futex resumed>) = 0 [pid 308] <... socket resumed>) = 5 [pid 318] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... socket resumed>) = 5 [pid 317] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 0 [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... futex resumed>) = 0 [pid 318] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] sendmsg(5, NULL, 0 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] <... socket resumed>) = 5 [pid 309] <... futex resumed>) = 0 [pid 308] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... mount resumed>) = 0 [pid 318] sendmsg(5, NULL, 0 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 315] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 1 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 318] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 317] <... futex resumed>) = 1 [pid 316] <... openat resumed>) = 3 [pid 315] fspick(AT_FDCWD, ".", 0 [pid 312] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 319] <... openat resumed>) = 3 [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] chdir("./file0" [pid 315] <... fspick resumed>) = 4 [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] chdir("./file0" [pid 318] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... chdir resumed>) = 0 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... futex resumed>) = 0 [pid 319] <... chdir resumed>) = 0 [pid 318] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] sendmsg(5, NULL, 0 [pid 316] ioctl(4, LOOP_CLR_FD [pid 315] <... futex resumed>) = 1 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 307] <... futex resumed>) = 0 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] ioctl(4, LOOP_CLR_FD [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 316] <... ioctl resumed>) = 0 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 308] <... fsconfig resumed>) = 0 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... ioctl resumed>) = 0 [pid 318] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] close(4 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 319] close(4 [pid 318] <... fsconfig resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 316] <... close resumed>) = 0 [pid 315] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 312] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 319] <... close resumed>) = 0 [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... socket resumed>) = 5 [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 1 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] <... futex resumed>) = 1 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = 1 [pid 318] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... futex resumed>) = 1 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 307] <... futex resumed>) = 0 [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] <... fsconfig resumed>) = 0 [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... futex resumed>) = 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 315] sendmsg(5, NULL, 0 [pid 312] <... futex resumed>) = 0 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 317] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 315] <... futex resumed>) = 0 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 316] fspick(AT_FDCWD, ".", 0 [pid 319] fspick(AT_FDCWD, ".", 0 [pid 316] <... fspick resumed>) = 4 [pid 315] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 319] <... fspick resumed>) = 4 [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 316] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.688722][ T319] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.711402][ T319] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/0/file0 supports timestamps until 2038 (0x7fffffff) [ 25.741818][ T308] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 311] <... futex resumed>) = 1 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 319] <... futex resumed>) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 319] sendmsg(5, NULL, 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 310] <... futex resumed>) = 0 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 319] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... fsconfig resumed>) = 0 [pid 310] <... futex resumed>) = 0 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 319] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... fsconfig resumed>) = 0 [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 316] <... futex resumed>) = 0 [pid 315] <... fsconfig resumed>) = 0 [pid 316] sendmsg(5, NULL, 0 [pid 304] <... futex resumed>) = 0 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = 1 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 0 [pid 308] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 319] <... fsconfig resumed>) = 0 [pid 318] <... fsconfig resumed>) = 0 [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] <... futex resumed>) = 0 [pid 316] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 315] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 316] <... fsconfig resumed>) = 0 [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = 1 [pid 318] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... fsconfig resumed>) = 0 [pid 312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 311] <... futex resumed>) = 0 [pid 312] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 312] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[334], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 334 [pid 312] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.752268][ T318] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 25.760209][ T317] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 25.773816][ T319] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 25.774475][ T308] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 25.787036][ T318] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [pid 312] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 319] <... futex resumed>) = 1 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 319] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 310] <... futex resumed>) = 0 [pid 319] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 334] set_robust_list(0x7f3c047589e0, 24 [pid 307] <... mmap resumed>) = 0x7f3c04738000 [pid 334] <... set_robust_list resumed>) = 0 [pid 307] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 334] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 307] <... mprotect resumed>) = 0 [pid 316] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 335 attached [pid 316] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 304] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... clone resumed>, parent_tid=[335], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 335 [pid 304] <... futex resumed>) = 0 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 304] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 309] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... mprotect resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 304] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 304] <... clone resumed>, parent_tid=[336], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 336 [pid 309] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 304] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... mprotect resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 309] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 304] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... clone resumed>, parent_tid=[337], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 337 [pid 309] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 336] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 337] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 336] <... openat resumed>) = 6 [pid 337] <... openat resumed>) = 6 [pid 337] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [ 25.791848][ T308] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.803981][ T318] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.810135][ T319] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 25.815942][ T315] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 25.825790][ T334] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 25.842616][ T319] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 307] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] <... futex resumed>) = 0 [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = 1 [pid 317] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 317] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 312] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 312] <... futex resumed>) = 0 [pid 317] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 336] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 304] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 336] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 336] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 337] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 1 [pid 336] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 1 [pid 337] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] set_robust_list(0x7f3c047589e0, 24 [pid 315] <... fsconfig resumed>) = 0 [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... set_robust_list resumed>) = 0 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 315] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 0 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 318] <... fsconfig resumed>) = 0 [pid 318] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... mmap resumed>) = 0x7f3c04738000 [pid 311] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] exit_group(0 [pid 337] <... futex resumed>) = ? [pid 311] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 309] <... exit_group resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 311] <... clone resumed>, parent_tid=[340], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 340 [pid 311] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... futex resumed>) = ? [pid 318] +++ exited with 0 +++ [pid 309] +++ exited with 0 +++ [pid 316] <... fsconfig resumed>) = 0 [pid 310] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7f3c047589e0, 24) = 0 [ 25.851237][ T316] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 25.851283][ T334] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.866058][ T318] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 25.868951][ T335] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 25.880508][ T318] syz-executor261 (318) used greatest stack depth: 21128 bytes left [ 25.885194][ T308] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [pid 340] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 310] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 319] <... fsconfig resumed>) = 0 [pid 310] <... futex resumed>) = 0 [pid 308] <... fsconfig resumed>) = 0 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 315] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 310] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 310] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[343], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 343 [pid 310] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] <... restart_syscall resumed>) = 0 [pid 311] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] exit_group(0 [pid 300] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] <... futex resumed>) = ? [pid 316] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = ? [pid 304] <... exit_group resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] +++ exited with 0 +++ [pid 316] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] +++ exited with 0 +++ [pid 304] +++ exited with 0 +++ [pid 300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 316] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 300] <... openat resumed>) = 3 [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] fstat(3, [pid 316] <... futex resumed>) = 1 [pid 311] <... futex resumed>) = 0 [pid 300] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(3, [pid 316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 316] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 311] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 316] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 316] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] lstat("./0/binderfs", [pid 316] <... futex resumed>) = 1 [pid 311] <... futex resumed>) = 0 [pid 300] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 316] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] unlink("./0/binderfs") = 0 [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 343] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 315] <... openat resumed>) = 6 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 315] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 315] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 307] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 315] <... openat resumed>) = 7 [pid 307] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 315] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] fstat(3, [pid 315] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 334] <... fsconfig resumed>) = 0 [pid 315] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] getdents64(3, [pid 334] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 298] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 312] exit_group(0 [pid 298] lstat("./0/binderfs", [pid 317] <... futex resumed>) = ? [pid 312] <... exit_group resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 298] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] unlink("./0/binderfs") = 0 [ 25.893675][ T340] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 25.900564][ T319] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 25.908905][ T335] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.916795][ T340] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 25.932984][ T334] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 334] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 302] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 302] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 302] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./0/binderfs") = 0 [pid 302] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 343] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 343] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 310] <... futex resumed>) = 1 [pid 319] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 310] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... fsconfig resumed>) = 0 [pid 340] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] <... fsconfig resumed>) = 0 [pid 319] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] exit_group(0 [pid 307] exit_group(0 [pid 340] <... futex resumed>) = ? [pid 335] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = 1 [pid 316] <... futex resumed>) = ? [pid 311] <... exit_group resumed>) = ? [pid 310] <... futex resumed>) = 0 [pid 302] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 319] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 310] exit_group(0 [pid 302] lstat("./0/file0", [pid 300] lstat("./0/file0", [pid 343] <... futex resumed>) = ? [pid 319] <... futex resumed>) = ? [pid 316] +++ exited with 0 +++ [pid 315] <... futex resumed>) = ? [pid 310] <... exit_group resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 302] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 343] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ [pid 302] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 340] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 335] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 302] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 300] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 298] lstat("./0/file0", [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=22} --- [pid 302] fstat(4, [pid 300] fstat(4, [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 303] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] getdents64(4, [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(4, [pid 299] <... restart_syscall resumed>) = 0 [pid 303] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 302] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 298] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... openat resumed>) = 3 [pid 302] getdents64(4, [pid 301] <... openat resumed>) = 3 [pid 300] getdents64(4, [pid 303] fstat(3, [pid 302] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] fstat(3, [pid 300] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] close(4 [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] close(4 [pid 299] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] getdents64(3, [pid 302] <... close resumed>) = 0 [pid 301] getdents64(3, [pid 300] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] rmdir("./0/file0" [pid 301] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 300] rmdir("./0/file0" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... rmdir resumed>) = 0 [pid 301] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... rmdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] getdents64(3, [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] fstat(4, [pid 303] lstat("./0/binderfs", [pid 302] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 301] lstat("./0/binderfs", [pid 300] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 298] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] close(3 [pid 301] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 300] close(3 [pid 299] <... openat resumed>) = 3 [pid 303] unlink("./0/binderfs" [pid 302] <... close resumed>) = 0 [pid 301] unlink("./0/binderfs" [pid 300] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 303] <... unlink resumed>) = 0 [pid 300] rmdir("./0" [pid 299] fstat(3, [pid 303] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] rmdir("./0" [pid 301] <... unlink resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 302] <... rmdir resumed>) = 0 [pid 301] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] mkdir("./1", 0777 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(4, [pid 302] mkdir("./1", 0777 [pid 300] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] getdents64(3, [pid 298] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] <... openat resumed>) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 302] <... mkdir resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] close(4 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 298] <... close resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x55555589e5d0) = 346 [pid 302] <... openat resumed>) = 3 [pid 299] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./0/file0" [pid 302] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x55555589e5e0, 24 [pid 299] lstat("./0/binderfs", [pid 298] <... rmdir resumed>) = 0 [pid 302] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] getdents64(3, [pid 302] close(3 [pid 299] unlink("./0/binderfs" [pid 298] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 346] <... set_robust_list resumed>) = 0 [pid 346] chdir("./1" [pid 299] <... unlink resumed>) = 0 [pid 298] close(3 [pid 302] <... close resumed>) = 0 [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 346] <... chdir resumed>) = 0 [pid 298] rmdir("./0" [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] <... rmdir resumed>) = 0 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] mkdir("./1", 0777 [pid 346] <... futex resumed>) = 0 [pid 346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [ 25.945309][ T343] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 25.963541][ T340] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 25.972303][ T335] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [pid 346] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... umount2 resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... clone resumed>, child_tidptr=0x55555589e5d0) = 347 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 3 [pid 299] lstat("./0/file0", [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... openat resumed>) = 4 [pid 299] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] <... clone resumed>, child_tidptr=0x55555589e5d0) = 348 [pid 299] getdents64(4, [pid 346] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 299] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./0/file0") = 0 [pid 299] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 348 attached ./strace-static-x86_64: Process 347 attached [pid 299] close(3 [pid 303] <... umount2 resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 303] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... close resumed>) = 0 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] lstat("./0/file0", [pid 301] lstat("./0/file0", [pid 303] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] <... openat resumed>) = 4 [pid 301] <... openat resumed>) = 4 [pid 303] fstat(4, [pid 301] fstat(4, [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(4, [pid 301] getdents64(4, [pid 303] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 301] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] getdents64(4, [pid 301] getdents64(4, [pid 303] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 346] <... clone resumed>, parent_tid=[349], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 349 [pid 303] close(4 [pid 301] close(4 [pid 299] rmdir("./0" [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 346] <... futex resumed>) = 0 [pid 303] rmdir("./0/file0" [pid 301] rmdir("./0/file0" [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 303] <... rmdir resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 303] getdents64(3, [pid 301] getdents64(3, [pid 303] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 301] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 303] close(3 [pid 301] close(3 [pid 299] mkdir("./1", 0777 [pid 303] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 303] rmdir("./0" [pid 301] rmdir("./0" [pid 303] <... rmdir resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 303] mkdir("./1", 0777 [pid 301] mkdir("./1", 0777 [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 303] <... mkdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 303] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 303] ioctl(3, LOOP_CLR_FD [pid 301] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 348] set_robust_list(0x55555589e5e0, 24 [pid 347] set_robust_list(0x55555589e5e0, 24 [pid 303] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 348] <... set_robust_list resumed>) = 0 [pid 347] <... set_robust_list resumed>) = 0 [pid 303] close(3 [pid 301] close(3 [pid 348] chdir("./1" [pid 347] chdir("./1" [pid 303] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 348] <... chdir resumed>) = 0 [pid 347] <... chdir resumed>) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... clone resumed>, child_tidptr=0x55555589e5d0) = 351 [pid 301] <... clone resumed>, child_tidptr=0x55555589e5d0) = 352 [pid 348] <... prctl resumed>) = 0 [pid 347] <... prctl resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x55555589e5d0) = 353 [pid 348] setpgid(0, 0 [pid 347] setpgid(0, 0 [pid 348] <... setpgid resumed>) = 0 [pid 347] <... setpgid resumed>) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 348] write(3, "1000", 4) = 4 [pid 347] <... openat resumed>) = 3 ./strace-static-x86_64: Process 352 attached [pid 348] close(3 [pid 352] set_robust_list(0x55555589e5e0, 24 [pid 347] write(3, "1000", 4 [pid 348] <... close resumed>) = 0 [pid 347] <... write resumed>) = 4 [pid 348] symlink("/dev/binderfs", "./binderfs" [pid 347] close(3 [pid 348] <... symlink resumed>) = 0 [pid 347] <... close resumed>) = 0 [pid 352] <... set_robust_list resumed>) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 351 attached [pid 352] chdir("./1" [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... chdir resumed>) = 0 [pid 351] set_robust_list(0x55555589e5e0, 24 [pid 348] <... futex resumed>) = 0 [pid 347] <... symlink resumed>) = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 351] <... set_robust_list resumed>) = 0 [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... prctl resumed>) = 0 [pid 351] chdir("./1" [pid 348] <... mmap resumed>) = 0x7f3c0cb19000 [pid 347] <... futex resumed>) = 0 [pid 352] setpgid(0, 0 [pid 351] <... chdir resumed>) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 348] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 352] <... setpgid resumed>) = 0 [pid 351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 348] <... mprotect resumed>) = 0 [pid 347] <... mmap resumed>) = 0x7f3c0cb19000 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 351] <... prctl resumed>) = 0 [pid 348] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 347] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 353 attached [pid 352] <... openat resumed>) = 3 [pid 351] setpgid(0, 0 [pid 347] <... mprotect resumed>) = 0 [pid 352] write(3, "1000", 4 [pid 351] <... setpgid resumed>) = 0 [pid 348] <... clone resumed>, parent_tid=[354], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 354 [pid 347] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 353] set_robust_list(0x55555589e5e0, 24 [pid 352] <... write resumed>) = 4 [pid 351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... set_robust_list resumed>) = 0 [pid 352] close(3 [pid 351] <... openat resumed>) = 3 [pid 348] <... futex resumed>) = 0 [pid 347] <... clone resumed>, parent_tid=[355], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 355 [pid 353] chdir("./1" [pid 352] <... close resumed>) = 0 [pid 351] write(3, "1000", 4 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 349 attached [pid 353] <... chdir resumed>) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs" [pid 351] <... write resumed>) = 4 [pid 347] <... futex resumed>) = 0 [pid 352] <... symlink resumed>) = 0 [pid 351] close(3 [pid 349] set_robust_list(0x7f3c0cb399e0, 24 [pid 353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... close resumed>) = 0 [pid 349] <... set_robust_list resumed>) = 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 355 attached ./strace-static-x86_64: Process 354 attached [pid 353] <... prctl resumed>) = 0 [pid 352] <... futex resumed>) = 0 [pid 351] symlink("/dev/binderfs", "./binderfs" [pid 349] memfd_create("syzkaller", 0 [pid 355] set_robust_list(0x7f3c0cb399e0, 24 [pid 354] set_robust_list(0x7f3c0cb399e0, 24 [pid 353] setpgid(0, 0 [pid 352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 351] <... symlink resumed>) = 0 [pid 349] <... memfd_create resumed>) = 3 [pid 354] <... set_robust_list resumed>) = 0 [pid 353] <... setpgid resumed>) = 0 [pid 352] <... mmap resumed>) = 0x7f3c0cb19000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 352] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 351] <... futex resumed>) = 0 [pid 349] <... mmap resumed>) = 0x7f3c04719000 [pid 355] <... set_robust_list resumed>) = 0 [pid 354] memfd_create("syzkaller", 0 [pid 353] <... openat resumed>) = 3 [pid 352] <... mprotect resumed>) = 0 [pid 351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 355] memfd_create("syzkaller", 0 [pid 354] <... memfd_create resumed>) = 3 [pid 353] write(3, "1000", 4 [pid 352] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 351] <... mmap resumed>) = 0x7f3c0cb19000 [pid 349] <... write resumed>) = 262144 ./strace-static-x86_64: Process 356 attached [pid 355] <... memfd_create resumed>) = 3 [pid 354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 353] <... write resumed>) = 4 [pid 351] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 349] munmap(0x7f3c04719000, 262144 [pid 356] set_robust_list(0x7f3c0cb399e0, 24 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 354] <... mmap resumed>) = 0x7f3c04719000 [pid 353] close(3 [pid 352] <... clone resumed>, parent_tid=[356], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 356 [pid 351] <... mprotect resumed>) = 0 [pid 349] <... munmap resumed>) = 0 [pid 353] <... close resumed>) = 0 [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 349] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 352] <... futex resumed>) = 0 [pid 349] <... openat resumed>) = 4 [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 351] <... clone resumed>, parent_tid=[357], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 357 [pid 349] ioctl(4, LOOP_SET_FD, 3 [pid 356] <... set_robust_list resumed>) = 0 [pid 355] <... mmap resumed>) = 0x7f3c04719000 [pid 354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 353] symlink("/dev/binderfs", "./binderfs" [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 353] <... symlink resumed>) = 0 [pid 357] memfd_create("syzkaller", 0) = 3 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] <... ioctl resumed>) = 0 [pid 349] close(3 [pid 354] <... write resumed>) = 262144 [pid 353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 349] <... close resumed>) = 0 [pid 353] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] mkdir("./file0", 0777 [pid 353] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 354] munmap(0x7f3c04719000, 262144 [pid 353] <... clone resumed>, parent_tid=[358], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 358 [pid 354] <... munmap resumed>) = 0 [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 354] <... openat resumed>) = 4 [pid 349] <... mkdir resumed>) = 0 [pid 349] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 354] ioctl(4, LOOP_SET_FD, 3 [pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 358 attached ) = 262144 [pid 356] memfd_create("syzkaller", 0 [pid 355] <... write resumed>) = 262144 [pid 354] <... ioctl resumed>) = 0 [pid 356] <... memfd_create resumed>) = 3 [pid 355] munmap(0x7f3c04719000, 262144 [pid 354] close(3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 355] <... munmap resumed>) = 0 [pid 354] <... close resumed>) = 0 [pid 356] <... mmap resumed>) = 0x7f3c04719000 [pid 355] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 354] mkdir("./file0", 0777 [pid 358] set_robust_list(0x7f3c0cb399e0, 24 [pid 357] munmap(0x7f3c04719000, 262144 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 355] <... openat resumed>) = 4 [pid 358] <... set_robust_list resumed>) = 0 [pid 356] <... write resumed>) = 262144 [pid 355] ioctl(4, LOOP_SET_FD, 3 [pid 354] <... mkdir resumed>) = 0 [pid 358] memfd_create("syzkaller", 0 [pid 357] <... munmap resumed>) = 0 [pid 356] munmap(0x7f3c04719000, 262144 [pid 358] <... memfd_create resumed>) = 3 [pid 357] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 356] <... munmap resumed>) = 0 [pid 355] <... ioctl resumed>) = 0 [pid 354] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 356] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_SET_FD, 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 357] <... openat resumed>) = 4 [ 26.066779][ T349] loop2: detected capacity change from 0 to 512 [ 26.079232][ T354] loop0: detected capacity change from 0 to 512 [ 26.092288][ T355] loop4: detected capacity change from 0 to 512 [ 26.093715][ T349] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.099652][ T356] loop3: detected capacity change from 0 to 512 [pid 357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 355] close(3 [pid 357] close(3) = 0 [pid 357] mkdir("./file0", 0777 [pid 355] <... close resumed>) = 0 [pid 355] mkdir("./file0", 0777 [pid 357] <... mkdir resumed>) = 0 [pid 357] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 356] <... ioctl resumed>) = 0 [pid 356] close(3) = 0 [pid 356] mkdir("./file0", 0777 [pid 355] <... mkdir resumed>) = 0 [pid 356] <... mkdir resumed>) = 0 [pid 356] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 355] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 358] <... write resumed>) = 262144 [pid 358] munmap(0x7f3c04719000, 262144) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] mkdir("./file0", 0777) = 0 [ 26.106653][ T349] System zones: 0-2, 18-18, 34-34 [ 26.116422][ T357] loop5: detected capacity change from 0 to 512 [ 26.118732][ T349] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.143124][ T349] EXT4-fs (loop2): 1 truncate cleaned up [ 26.145101][ T358] loop1: detected capacity change from 0 to 512 [ 26.149181][ T349] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [pid 358] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 349] <... mount resumed>) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./file0") = 0 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [pid 349] fspick(AT_FDCWD, ".", 0) = 4 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [pid 349] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [pid 349] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [pid 349] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [ 26.162064][ T356] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.166171][ T349] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.174865][ T356] System zones: 0-2, 18-18, 34-34 [ 26.190709][ T354] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.198007][ T356] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 349] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 346] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... futex resumed>) = 0 [pid 349] <... futex resumed>) = 0 [pid 346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] <... mmap resumed>) = 0x7f3c04738000 [pid 346] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 346] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[371], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 371 [pid 346] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.199788][ T357] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.212607][ T349] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 26.223267][ T354] System zones: 0-2, 18-18, 34-34 [ 26.233942][ T358] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.234212][ T357] System zones: [ 26.243824][ T357] 0-2 [ 26.246133][ T356] EXT4-fs (loop3): 1 truncate cleaned up [ 26.246150][ T357] , 18-18 [ 26.248544][ T356] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [pid 346] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7f3c047589e0, 24 [pid 356] <... mount resumed>) = 0 [pid 346] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 346] <... futex resumed>) = 1 [pid 349] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... set_robust_list resumed>) = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 349] <... openat resumed>) = -1 EROFS (Read-only file system) [ 26.248633][ T356] ext4 filesystem being mounted at /root/syzkaller.xspvsY/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.254809][ T358] System zones: [ 26.257493][ T355] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.267911][ T358] 0-2 [ 26.280172][ T354] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.282715][ T358] , 18-18 [ 26.290445][ T357] , 34-34 [ 26.292884][ T358] , 34-34 [ 26.310258][ T358] [pid 371] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 356] <... openat resumed>) = 3 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] chdir("./file0" [pid 349] <... futex resumed>) = 1 [pid 346] <... futex resumed>) = 0 [pid 356] <... chdir resumed>) = 0 [pid 349] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] ioctl(4, LOOP_CLR_FD [pid 349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 346] <... futex resumed>) = 0 [pid 356] <... ioctl resumed>) = 0 [pid 349] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 346] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] close(4 [pid 349] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 356] <... close resumed>) = 0 [pid 349] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 1 [pid 346] <... futex resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 349] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] <... futex resumed>) = 0 [ 26.313137][ T354] EXT4-fs (loop0): 1 truncate cleaned up [ 26.315815][ T355] System zones: [ 26.317943][ T358] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.322790][ T355] 0-2 [ 26.326235][ T371] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 26.340019][ T355] , 18-18 [ 26.342333][ T354] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.351348][ T355] , 34-34 [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 356] fspick(AT_FDCWD, ".", 0) = 4 [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 26.368770][ T357] [ 26.369440][ T355] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.371757][ T354] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.396280][ T371] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.397219][ T357] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... mount resumed>) = 0 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 354] <... openat resumed>) = 3 [pid 352] <... futex resumed>) = 1 [pid 356] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] chdir("./file0" [ 26.405980][ T358] EXT4-fs (loop1): 1 truncate cleaned up [ 26.424113][ T357] EXT4-fs (loop5): 1 truncate cleaned up [ 26.425953][ T358] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.429905][ T357] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.451433][ T357] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.454438][ T355] EXT4-fs (loop4): 1 truncate cleaned up [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... mount resumed>) = 0 [pid 357] <... mount resumed>) = 0 [pid 354] <... chdir resumed>) = 0 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] ioctl(4, LOOP_CLR_FD [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... ioctl resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 354] close(4 [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 354] <... close resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] chdir("./file0" [pid 354] <... futex resumed>) = 1 [pid 357] <... chdir resumed>) = 0 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] close(4) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 351] <... futex resumed>) = 0 [pid 357] fspick(AT_FDCWD, ".", 0 [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... fspick resumed>) = 4 [pid 351] <... futex resumed>) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... socket resumed>) = 5 [pid 351] <... futex resumed>) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] sendmsg(5, NULL, 0 [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 351] <... futex resumed>) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... fsconfig resumed>) = 0 [pid 351] <... futex resumed>) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file0") = 0 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] <... futex resumed>) = 0 [pid 356] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 352] <... futex resumed>) = 0 [pid 356] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... fsconfig resumed>) = 0 [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 352] <... futex resumed>) = 0 [pid 356] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 348] <... futex resumed>) = 1 [pid 354] fspick(AT_FDCWD, ".", 0 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... fspick resumed>) = 4 [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 353] <... futex resumed>) = 0 [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 26.463275][ T358] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.469832][ T355] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.500395][ T371] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 371] <... fsconfig resumed>) = 0 [pid 358] <... futex resumed>) = 0 [pid 354] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [pid 371] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... mount resumed>) = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 355] chdir("./file0") = 0 [pid 355] ioctl(4, LOOP_CLR_FD) = 0 [pid 355] close(4) = 0 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 1 [pid 355] fspick(AT_FDCWD, ".", 0) = 4 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 1 [pid 355] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] fspick(AT_FDCWD, ".", 0 [pid 354] <... socket resumed>) = 5 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] exit_group(0 [pid 371] <... futex resumed>) = ? [pid 358] <... fspick resumed>) = 4 [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = ? [pid 346] <... exit_group resumed>) = ? [pid 371] +++ exited with 0 +++ [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 1 [pid 349] +++ exited with 0 +++ [pid 348] <... futex resumed>) = 0 [pid 346] +++ exited with 0 +++ [pid 358] <... futex resumed>) = 1 [pid 354] sendmsg(5, NULL, 0 [pid 353] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 354] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 358] <... socket resumed>) = 5 [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 358] <... futex resumed>) = 0 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 353] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] sendmsg(5, NULL, 0 [pid 354] <... fsconfig resumed>) = 0 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 1 [pid 348] <... futex resumed>) = 0 [pid 358] <... futex resumed>) = 1 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] <... fsconfig resumed>) = 0 [pid 356] <... fsconfig resumed>) = 0 [pid 355] <... futex resumed>) = 1 [pid 354] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 353] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 358] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 357] <... futex resumed>) = 0 [pid 351] <... mmap resumed>) = 0x7f3c04738000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... fsconfig resumed>) = 0 [pid 357] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 351] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 300] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... mprotect resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 351] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 300] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 351] <... clone resumed>, parent_tid=[373], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 373 [pid 300] getdents64(3, [pid 351] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 351] <... futex resumed>) = 0 [pid 300] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 351] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 300] unlink("./1/binderfs") = 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] sendmsg(5, NULL, 0 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 356] <... futex resumed>) = 1 [pid 356] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 373 attached [pid 358] <... futex resumed>) = 1 [pid 353] <... futex resumed>) = 0 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 353] <... futex resumed>) = 0 [pid 355] <... futex resumed>) = 1 [pid 355] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 354] <... fsconfig resumed>) = 0 [pid 347] <... futex resumed>) = 1 [pid 355] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... fsconfig resumed>) = 0 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] set_robust_list(0x7f3c047589e0, 24) = 0 [ 26.501180][ T355] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/1/file0 supports timestamps until 2038 (0x7fffffff) [ 26.519741][ T357] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 26.529568][ T356] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 26.540776][ T354] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 26.543588][ T356] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 26.560046][ T358] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [pid 373] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 348] <... futex resumed>) = 0 [pid 347] <... futex resumed>) = 0 [pid 358] <... fsconfig resumed>) = 0 [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 348] <... futex resumed>) = 1 [pid 354] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... futex resumed>) = 0 [pid 352] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 352] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 352] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[374], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 374 [pid 352] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 374] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 351] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = 1 [pid 357] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 353] <... futex resumed>) = 1 [pid 358] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 357] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 355] <... futex resumed>) = 0 [pid 347] <... futex resumed>) = 1 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 357] <... futex resumed>) = 1 [pid 351] <... futex resumed>) = 0 [pid 357] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 351] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 351] <... futex resumed>) = 0 [pid 357] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 26.560635][ T373] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 26.569204][ T356] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.578789][ T354] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 26.585709][ T373] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.599482][ T358] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 26.602674][ T354] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 357] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [pid 352] <... futex resumed>) = 0 [pid 374] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 352] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 374] <... openat resumed>) = 6 [pid 300] getdents64(4, [pid 374] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 374] <... futex resumed>) = 1 [pid 352] <... futex resumed>) = 0 [pid 300] close(4 [pid 374] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... close resumed>) = 0 [pid 300] rmdir("./1/file0") = 0 [pid 300] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./1") = 0 [pid 300] mkdir("./2", 0777 [pid 355] <... fsconfig resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 379 [pid 347] <... futex resumed>) = 0 [pid 348] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [pid 355] <... futex resumed>) = 0 [pid 355] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0./strace-static-x86_64: Process 379 attached [pid 373] <... fsconfig resumed>) = 0 [pid 358] <... fsconfig resumed>) = 0 [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 353] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 353] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.615479][ T358] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.620120][ T355] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 26.642834][ T358] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 26.651577][ T373] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 26.653370][ T355] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [pid 353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 353] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 353] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[380], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 380 [pid 353] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 380 attached [pid 379] set_robust_list(0x55555589e5e0, 24 [pid 373] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... fsconfig resumed>) = 0 [pid 351] exit_group(0 [pid 348] <... mmap resumed>) = 0x7f3c04738000 [pid 356] <... fsconfig resumed>) = 0 [pid 356] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 380] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 379] <... set_robust_list resumed>) = 0 [pid 379] chdir("./2") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 379] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[381], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 381 [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 381 attached [pid 373] <... futex resumed>) = ? [pid 357] <... futex resumed>) = ? [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 351] <... exit_group resumed>) = ? [pid 348] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 373] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ [pid 354] <... futex resumed>) = 0 [pid 381] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 351] +++ exited with 0 +++ [pid 380] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] <... mprotect resumed>) = 0 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=351, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 380] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] exit_group(0 [pid 348] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 303] restart_syscall(<... resuming interrupted clone ...> [pid 380] <... futex resumed>) = 1 [pid 374] <... futex resumed>) = ? [pid 353] <... futex resumed>) = 0 [pid 352] <... exit_group resumed>) = ? [pid 303] <... restart_syscall resumed>) = 0 [pid 380] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] +++ exited with 0 +++ [pid 353] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... clone resumed>, parent_tid=[382], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 382 [pid 358] <... futex resumed>) = 0 [pid 353] <... futex resumed>) = 1 [pid 348] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 353] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x7f3c047589e0, 24 [pid 358] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 303] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 358] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... futex resumed>) = 1 [pid 303] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] <... futex resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 381] <... write resumed>) = 262144 [pid 353] exit_group(0 [pid 303] fstat(3, [pid 381] munmap(0x7f3c04719000, 262144 [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 380] <... futex resumed>) = ? [pid 358] <... futex resumed>) = ? [pid 353] <... exit_group resumed>) = ? [pid 303] getdents64(3, [pid 381] <... munmap resumed>) = 0 [pid 358] +++ exited with 0 +++ [pid 382] <... set_robust_list resumed>) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 380] +++ exited with 0 +++ [pid 356] <... futex resumed>) = ? [pid 347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 303] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./1/binderfs", [pid 353] +++ exited with 0 +++ [pid 303] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 303] unlink("./1/binderfs") = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=353, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 303] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 381] <... openat resumed>) = 4 [pid 381] ioctl(4, LOOP_SET_FD, 3 [pid 382] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 356] +++ exited with 0 +++ [pid 355] <... fsconfig resumed>) = 0 [pid 352] +++ exited with 0 +++ [pid 347] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 299] <... restart_syscall resumed>) = 0 [pid 301] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 301] fstat(3, [pid 299] fstat(3, [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(3, [pid 299] getdents64(3, [pid 301] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 299] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 301] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] lstat("./1/binderfs", [pid 299] lstat("./1/binderfs", [pid 301] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 301] unlink("./1/binderfs" [ 26.659908][ T354] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 26.671989][ T356] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 26.677263][ T355] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.698740][ T380] syz-executor261 (380) used greatest stack depth: 21032 bytes left [ 26.707723][ T355] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [pid 299] unlink("./1/binderfs" [pid 301] <... unlink resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 347] <... futex resumed>) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 347] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 381] <... ioctl resumed>) = 0 [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 355] <... futex resumed>) = 0 ./strace-static-x86_64: Process 384 attached [pid 381] close(3 [pid 355] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... close resumed>) = 0 [pid 347] <... clone resumed>, parent_tid=[384], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 384 [pid 381] mkdir("./file0", 0777 [pid 347] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... mkdir resumed>) = 0 [pid 347] <... futex resumed>) = 0 [pid 381] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 347] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 384] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 382] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 382] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 348] <... futex resumed>) = 1 [pid 354] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 348] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [pid 382] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 354] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 354] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] exit_group(0 [pid 354] <... futex resumed>) = ? [pid 348] <... exit_group resumed>) = ? [pid 354] +++ exited with 0 +++ [pid 382] <... futex resumed>) = ? [pid 382] +++ exited with 0 +++ [pid 348] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 298] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] unlink("./1/binderfs") = 0 [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 384] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 347] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 26.708212][ T381] loop2: detected capacity change from 0 to 512 [ 26.726756][ T382] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.741456][ T384] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 355] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EUCLEAN (Structure needs cleaning) [pid 355] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 355] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] exit_group(0 [pid 384] <... futex resumed>) = ? [pid 347] <... exit_group resumed>) = ? [pid 355] <... futex resumed>) = ? [pid 384] +++ exited with 0 +++ [pid 355] +++ exited with 0 +++ [pid 347] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=23} --- [pid 302] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 302] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 302] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./1/binderfs") = 0 [pid 302] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... umount2 resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 303] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] lstat("./1/file0", [pid 299] <... close resumed>) = 0 [pid 303] lstat("./1/file0", [pid 301] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] <... openat resumed>) = 4 [pid 303] <... openat resumed>) = 4 [pid 301] fstat(4, [pid 303] fstat(4, [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(4, [pid 303] getdents64(4, [pid 301] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, [pid 303] getdents64(4, [pid 301] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] close(4 [pid 303] close(4 [pid 301] <... close resumed>) = 0 [pid 303] <... close resumed>) = 0 [pid 301] rmdir("./1/file0" [pid 303] rmdir("./1/file0" [pid 301] <... rmdir resumed>) = 0 [pid 303] <... rmdir resumed>) = 0 [pid 301] getdents64(3, [pid 299] rmdir("./1/file0" [pid 303] getdents64(3, [pid 301] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 303] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 301] close(3 [pid 303] close(3 [pid 301] <... close resumed>) = 0 [ 26.758039][ T355] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.773268][ T381] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.782810][ T381] System zones: 0-2, 18-18, 34-34 [ 26.794622][ T381] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.809826][ T381] EXT4-fs (loop2): 1 truncate cleaned up [pid 303] <... close resumed>) = 0 [pid 301] rmdir("./1" [pid 303] rmdir("./1" [pid 301] <... rmdir resumed>) = 0 [pid 303] <... rmdir resumed>) = 0 [pid 301] mkdir("./2", 0777 [pid 303] mkdir("./2", 0777 [pid 301] <... mkdir resumed>) = 0 [pid 303] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 301] <... openat resumed>) = 3 [pid 303] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 303] ioctl(3, LOOP_CLR_FD [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 303] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] close(3 [pid 303] close(3 [pid 301] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 303] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] getdents64(3, [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./1" [pid 301] <... clone resumed>, child_tidptr=0x55555589e5d0) = 387 [pid 299] <... rmdir resumed>) = 0 [pid 303] <... clone resumed>, child_tidptr=0x55555589e5d0) = 388 [pid 299] mkdir("./2", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 389 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x55555589e5e0, 24) = 0 [pid 389] chdir("./2") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 389] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[390], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 390 [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 390 attached ./strace-static-x86_64: Process 388 attached ./strace-static-x86_64: Process 387 attached [pid 381] <... mount resumed>) = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 387] set_robust_list(0x55555589e5e0, 24 [pid 381] <... openat resumed>) = 3 [pid 390] set_robust_list(0x7f3c0cb399e0, 24 [pid 389] <... futex resumed>) = 0 [pid 388] set_robust_list(0x55555589e5e0, 24 [pid 387] <... set_robust_list resumed>) = 0 [pid 381] chdir("./file0" [pid 388] <... set_robust_list resumed>) = 0 [pid 387] chdir("./2" [pid 381] <... chdir resumed>) = 0 [pid 390] <... set_robust_list resumed>) = 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 388] chdir("./2" [pid 387] <... chdir resumed>) = 0 [pid 381] ioctl(4, LOOP_CLR_FD [pid 388] <... chdir resumed>) = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 381] <... ioctl resumed>) = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 387] <... prctl resumed>) = 0 [pid 381] close(4 [pid 388] <... prctl resumed>) = 0 [pid 387] setpgid(0, 0 [pid 381] <... close resumed>) = 0 [pid 388] setpgid(0, 0 [pid 387] <... setpgid resumed>) = 0 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... setpgid resumed>) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 381] <... futex resumed>) = 1 [pid 379] <... futex resumed>) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 387] <... openat resumed>) = 3 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... openat resumed>) = 3 [pid 387] write(3, "1000", 4 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... futex resumed>) = 0 [pid 388] write(3, "1000", 4 [pid 387] <... write resumed>) = 4 [pid 381] fspick(AT_FDCWD, ".", 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... write resumed>) = 4 [pid 387] close(3 [pid 381] <... fspick resumed>) = 4 [pid 388] close(3 [pid 387] <... close resumed>) = 0 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... close resumed>) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs" [pid 381] <... futex resumed>) = 1 [pid 379] <... futex resumed>) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs" [pid 387] <... symlink resumed>) = 0 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... symlink resumed>) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... futex resumed>) = 0 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 381] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 381] <... socket resumed>) = 5 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 387] <... mmap resumed>) = 0x7f3c0cb19000 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... mmap resumed>) = 0x7f3c0cb19000 [pid 387] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 381] <... futex resumed>) = 1 [pid 379] <... futex resumed>) = 0 [pid 388] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 387] <... mprotect resumed>) = 0 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... mprotect resumed>) = 0 [pid 387] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... futex resumed>) = 0 [pid 388] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 381] sendmsg(5, NULL, 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... clone resumed>, parent_tid=[391], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 391 [pid 381] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 388] <... clone resumed>, parent_tid=[392], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 392 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 381] <... futex resumed>) = 1 [pid 379] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... futex resumed>) = 0 [pid 381] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... fsconfig resumed>) = 0 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... futex resumed>) = 0 [pid 381] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 ./strace-static-x86_64: Process 391 attached ./strace-static-x86_64: Process 392 attached [pid 391] set_robust_list(0x7f3c0cb399e0, 24 [pid 392] set_robust_list(0x7f3c0cb399e0, 24 [pid 391] <... set_robust_list resumed>) = 0 [pid 391] memfd_create("syzkaller", 0 [pid 392] <... set_robust_list resumed>) = 0 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 391] <... memfd_create resumed>) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 391] <... mmap resumed>) = 0x7f3c04719000 [pid 392] <... mmap resumed>) = 0x7f3c04719000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 381] <... fsconfig resumed>) = 0 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 390] <... write resumed>) = 262144 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] munmap(0x7f3c04719000, 262144 [pid 381] <... futex resumed>) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... munmap resumed>) = 0 [pid 381] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 390] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 392] <... write resumed>) = 262144 [pid 392] munmap(0x7f3c04719000, 262144) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 26.816052][ T381] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.829703][ T381] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/2/file0 supports timestamps until 2038 (0x7fffffff) [ 26.851172][ T381] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 392] ioctl(4, LOOP_SET_FD, 3 [pid 391] <... write resumed>) = 262144 [pid 390] <... openat resumed>) = 4 [pid 391] munmap(0x7f3c04719000, 262144 [pid 390] ioctl(4, LOOP_SET_FD, 3 [pid 392] <... ioctl resumed>) = 0 [pid 391] <... munmap resumed>) = 0 [pid 390] <... ioctl resumed>) = 0 [pid 302] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3 [pid 392] close(3 [pid 390] close(3 [pid 302] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] lstat("./1/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] lstat("./1/file0", [pid 302] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] <... openat resumed>) = 4 [pid 298] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 302] fstat(4, [pid 298] <... openat resumed>) = 4 [pid 302] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] fstat(4, [pid 302] getdents64(4, [pid 298] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 302] getdents64(4, [pid 298] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 302] close(4 [pid 298] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 302] <... close resumed>) = 0 [pid 298] close(4 [pid 302] rmdir("./1/file0" [pid 392] <... close resumed>) = 0 [pid 391] <... ioctl resumed>) = 0 [pid 390] <... close resumed>) = 0 [pid 302] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 390] mkdir("./file0", 0777 [pid 392] mkdir("./file0", 0777 [pid 391] close(3 [pid 302] getdents64(3, [pid 298] rmdir("./1/file0" [pid 390] <... mkdir resumed>) = 0 [pid 302] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 392] <... mkdir resumed>) = 0 [pid 391] <... close resumed>) = 0 [pid 390] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 302] close(3 [pid 298] <... rmdir resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 302] rmdir("./1" [pid 298] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 302] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 302] mkdir("./2", 0777 [pid 298] <... close resumed>) = 0 [pid 302] <... mkdir resumed>) = 0 [pid 298] rmdir("./1" [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 302] <... openat resumed>) = 3 [pid 298] mkdir("./2", 0777 [pid 302] ioctl(3, LOOP_CLR_FD [pid 298] <... mkdir resumed>) = 0 [pid 302] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 302] close(3 [pid 298] <... openat resumed>) = 3 [pid 392] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 302] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 381] <... fsconfig resumed>) = 0 [pid 298] close(3 [pid 391] mkdir("./file0", 0777) = 0 [pid 391] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue"./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x55555589e5e0, 24) = 0 [pid 394] chdir("./2") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 302] <... clone resumed>, child_tidptr=0x55555589e5d0) = 394 [pid 394] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 379] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] <... close resumed>) = 0 [pid 379] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 394] <... clone resumed>, parent_tid=[395], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 395 [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 379] <... futex resumed>) = 0 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... clone resumed>, child_tidptr=0x55555589e5d0) = 396 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 379] <... mmap resumed>) = 0x7f3c04738000 [pid 379] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[397], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 397 [pid 379] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x55555589e5e0, 24) = 0 [pid 396] chdir("./2") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] <... write resumed>) = 262144 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 396] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 397 attached [pid 381] <... futex resumed>) = 0 [pid 397] set_robust_list(0x7f3c047589e0, 24 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... set_robust_list resumed>) = 0 [pid 396] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 395] munmap(0x7f3c04719000, 262144 [pid 397] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 395] <... munmap resumed>) = 0 [ 26.862027][ T381] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 26.865700][ T392] loop5: detected capacity change from 0 to 512 [ 26.872452][ T390] loop1: detected capacity change from 0 to 512 [ 26.883582][ T381] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.887036][ T391] loop3: detected capacity change from 0 to 512 [ 26.901837][ T381] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 395] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 379] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 379] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 1 [pid 381] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 26.926712][ T392] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.928640][ T395] loop4: detected capacity change from 0 to 512 [ 26.935298][ T397] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.943432][ T392] System zones: 0-2, 18-18, 34-34 [ 26.956108][ T391] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.967989][ T391] System zones: 0-2, 18-18, 34-34 [pid 379] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 404 attached [pid 397] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 397] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... clone resumed>, parent_tid=[404], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 404 [pid 397] <... futex resumed>) = 0 [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 404] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 404] munmap(0x7f3c04719000, 262144) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 381] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 381] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 381] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] exit_group(0 [pid 397] <... futex resumed>) = ? [pid 381] <... futex resumed>) = ? [pid 379] <... exit_group resumed>) = ? [pid 397] +++ exited with 0 +++ [pid 381] +++ exited with 0 +++ [pid 379] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 404] <... openat resumed>) = 4 [pid 404] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... restart_syscall resumed>) = 0 [pid 404] <... ioctl resumed>) = 0 [pid 404] close(3) = 0 [pid 404] mkdir("./file0", 0777) = 0 [ 26.971502][ T392] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.973518][ T390] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 26.997620][ T391] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 26.998985][ T404] loop0: detected capacity change from 0 to 512 [ 27.012509][ T395] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 300] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 300] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 27.019654][ T390] System zones: 0-2, 18-18, 34-34 [ 27.033050][ T390] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.033426][ T392] EXT4-fs (loop5): 1 truncate cleaned up [ 27.047613][ T395] System zones: 0-2, 18-18, 34-34 [ 27.058823][ T390] EXT4-fs (loop1): 1 truncate cleaned up [ 27.059179][ T391] EXT4-fs (loop3): 1 truncate cleaned up [pid 300] unlink("./2/binderfs") = 0 [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 390] <... mount resumed>) = 0 [ 27.064629][ T390] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.080940][ T390] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/2/file0 supports timestamps until 2038 (0x7fffffff) [ 27.082824][ T392] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.092837][ T391] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.104887][ T404] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 391] <... mount resumed>) = 0 [pid 390] chdir("./file0" [pid 391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 390] <... chdir resumed>) = 0 [pid 391] chdir("./file0" [pid 390] ioctl(4, LOOP_CLR_FD [pid 391] <... chdir resumed>) = 0 [pid 390] <... ioctl resumed>) = 0 [pid 391] ioctl(4, LOOP_CLR_FD [pid 390] close(4 [pid 391] <... ioctl resumed>) = 0 [pid 391] close(4 [pid 390] <... close resumed>) = 0 [pid 391] <... close resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 390] fspick(AT_FDCWD, ".", 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... fspick resumed>) = 4 [pid 387] <... futex resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 389] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 390] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 0 [pid 390] <... socket resumed>) = 5 [pid 387] <... futex resumed>) = 1 [pid 391] fspick(AT_FDCWD, ".", 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... fspick resumed>) = 4 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 391] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] sendmsg(5, NULL, 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 390] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... fsconfig resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 387] <... futex resumed>) = 1 [pid 391] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... socket resumed>) = 5 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 27.114292][ T391] ext4 filesystem being mounted at /root/syzkaller.xspvsY/2/file0 supports timestamps until 2038 (0x7fffffff) [ 27.134713][ T395] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.139251][ T404] System zones: [ 27.162737][ T390] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] sendmsg(5, NULL, 0 [pid 392] <... mount resumed>) = 0 [pid 391] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... openat resumed>) = 3 [pid 391] <... futex resumed>) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] chdir("./file0" [pid 391] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 392] <... chdir resumed>) = 0 [pid 391] <... fsconfig resumed>) = 0 [pid 392] ioctl(4, LOOP_CLR_FD [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... ioctl resumed>) = 0 [pid 392] close(4 [pid 391] <... futex resumed>) = 1 [pid 387] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./2/file0") = 0 [pid 300] getdents64(3, [pid 391] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 300] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 392] <... close resumed>) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./2" [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... rmdir resumed>) = 0 [pid 392] <... futex resumed>) = 1 [pid 388] <... futex resumed>) = 0 [pid 300] mkdir("./3", 0777 [pid 392] fspick(AT_FDCWD, ".", 0 [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... fspick resumed>) = 4 [pid 388] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 392] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... openat resumed>) = 3 [pid 392] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] ioctl(3, LOOP_CLR_FD [pid 392] <... socket resumed>) = 5 [pid 389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 388] <... futex resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] close(3 [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] <... close resumed>) = 0 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 411 [pid 390] <... fsconfig resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x55555589e5e0, 24) = 0 [pid 411] chdir("./3") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3 [pid 392] sendmsg(5, NULL, 0 [pid 411] <... close resumed>) = 0 [pid 392] <... sendmsg resumed>) = -1 EFAULT (Bad address) [ 27.174351][ T392] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/2/file0 supports timestamps until 2038 (0x7fffffff) [ 27.180695][ T404] 0-2 [ 27.189569][ T404] , 18-18, 34-34 [ 27.200539][ T391] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 27.212902][ T404] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 392] <... futex resumed>) = 1 [pid 390] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 411] <... mmap resumed>) = 0x7f3c0cb19000 [pid 392] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 388] <... futex resumed>) = 0 [pid 411] <... mprotect resumed>) = 0 [pid 392] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 392] <... fsconfig resumed>) = 0 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 392] <... futex resumed>) = 1 [pid 388] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 388] <... futex resumed>) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... mmap resumed>) = 0x7f3c04738000 [pid 387] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[413], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 413 [pid 387] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... clone resumed>, parent_tid=[412], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 412 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 412] memfd_create("syzkaller", 0) = 3 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 391] <... fsconfig resumed>) = 0 [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] munmap(0x7f3c04719000, 262144) = 0 ./strace-static-x86_64: Process 413 attached [pid 412] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 395] <... mount resumed>) = 0 [pid 413] set_robust_list(0x7f3c047589e0, 24 [pid 412] <... openat resumed>) = 4 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 392] <... fsconfig resumed>) = 0 [pid 413] <... set_robust_list resumed>) = 0 [ 27.227861][ T395] EXT4-fs (loop4): 1 truncate cleaned up [ 27.230864][ T390] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 27.233579][ T395] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.254073][ T395] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/2/file0 supports timestamps until 2038 (0x7fffffff) [ 27.266617][ T392] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [pid 412] ioctl(4, LOOP_SET_FD, 3 [pid 395] <... openat resumed>) = 3 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 395] chdir("./file0" [pid 392] <... futex resumed>) = 1 [pid 412] <... ioctl resumed>) = 0 [pid 395] <... chdir resumed>) = 0 [pid 392] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 388] <... futex resumed>) = 0 [pid 412] close(3 [pid 395] ioctl(4, LOOP_CLR_FD [pid 412] <... close resumed>) = 0 [pid 395] <... ioctl resumed>) = 0 [pid 412] mkdir("./file0", 0777 [pid 395] close(4 [pid 412] <... mkdir resumed>) = 0 [pid 395] <... close resumed>) = 0 [pid 412] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] fspick(AT_FDCWD, ".", 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... fspick resumed>) = 4 [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... socket resumed>) = 5 [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] sendmsg(5, NULL, 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... fsconfig resumed>) = 0 [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 389] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 389] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[415], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 415 [pid 389] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 27.266654][ T390] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.284025][ T412] loop2: detected capacity change from 0 to 512 [ 27.284226][ T404] EXT4-fs (loop0): 1 truncate cleaned up [ 27.290364][ T413] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 27.296134][ T404] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.311058][ T392] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [pid 389] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = 1 [pid 392] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 415 attached [pid 404] <... mount resumed>) = 0 [pid 390] <... fsconfig resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] set_robust_list(0x7f3c047589e0, 24 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 391] <... futex resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 1 [pid 415] <... set_robust_list resumed>) = 0 [pid 404] <... openat resumed>) = 3 [pid 391] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 390] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 404] chdir("./file0" [pid 391] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 404] <... chdir resumed>) = 0 [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] ioctl(4, LOOP_CLR_FD [pid 391] <... futex resumed>) = 1 [pid 387] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 1 [pid 404] <... ioctl resumed>) = 0 [pid 394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 391] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] <... futex resumed>) = 0 [pid 387] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] close(4 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 387] <... futex resumed>) = 0 [pid 404] <... close resumed>) = 0 [pid 395] <... fsconfig resumed>) = 0 [pid 394] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 389] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 387] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 391] <... openat resumed>) = 6 [pid 388] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 0 [pid 395] <... futex resumed>) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 391] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 388] <... futex resumed>) = 0 [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] <... mmap resumed>) = 0x7f3c04738000 [pid 391] <... futex resumed>) = 1 [pid 390] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 389] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 387] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] <... futex resumed>) = 0 [pid 394] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 391] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 388] <... mmap resumed>) = 0x7f3c04738000 [pid 404] fspick(AT_FDCWD, ".", 0 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... mprotect resumed>) = 0 [pid 390] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 404] <... fspick resumed>) = 4 [pid 394] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 390] <... futex resumed>) = 1 [ 27.320124][ T390] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 27.332824][ T404] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/2/file0 supports timestamps until 2038 (0x7fffffff) [ 27.332988][ T413] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.344735][ T392] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.352398][ T395] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [pid 389] <... futex resumed>) = 0 [pid 388] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 419 attached [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] exit_group(0 [pid 419] set_robust_list(0x7f3c047589e0, 24 [pid 394] <... clone resumed>, parent_tid=[419], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 419 [pid 389] <... exit_group resumed>) = ? [pid 419] <... set_robust_list resumed>) = 0 [pid 394] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 404] <... futex resumed>) = 1 [pid 390] <... futex resumed>) = ? [pid 396] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = ? [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] +++ exited with 0 +++ [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f3c047589e0, 24 [pid 415] +++ exited with 0 +++ [pid 389] +++ exited with 0 +++ [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=389, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 404] <... socket resumed>) = 5 [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... fsconfig resumed>) = 0 [pid 388] <... clone resumed>, parent_tid=[421], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 421 [pid 299] <... restart_syscall resumed>) = 0 [pid 421] <... set_robust_list resumed>) = 0 [pid 421] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 0 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [ 27.379947][ T412] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.380750][ T419] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 27.387810][ T412] System zones: [ 27.399113][ T392] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 27.399160][ T419] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.402644][ T412] 0-2 [pid 388] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 404] sendmsg(5, NULL, 0 [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = 1 [pid 413] <... fsconfig resumed>) = 0 [pid 413] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] exit_group(0) = ? [pid 413] <... futex resumed>) = ? [pid 413] +++ exited with 0 +++ [pid 421] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EUCLEAN (Structure needs cleaning) [pid 421] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 396] <... futex resumed>) = 1 [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 1 [pid 404] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... fsconfig resumed>) = 0 [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 404] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 388] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 388] <... futex resumed>) = 1 [pid 392] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 388] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 392] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 391] <... futex resumed>) = ? [pid 299] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 394] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 1 [pid 395] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 394] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 388] <... futex resumed>) = 0 [pid 392] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] exit_group(0 [pid 421] <... futex resumed>) = ? [pid 392] <... futex resumed>) = ? [pid 388] <... exit_group resumed>) = ? [pid 421] +++ exited with 0 +++ [pid 392] +++ exited with 0 +++ [pid 388] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 303] restart_syscall(<... resuming interrupted clone ...> [pid 391] +++ exited with 0 +++ [pid 387] +++ exited with 0 +++ [pid 303] <... restart_syscall resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 303] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... restart_syscall resumed>) = 0 [ 27.412679][ T413] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.418271][ T412] , 18-18 [ 27.421959][ T413] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 27.434869][ T412] , 34-34 [ 27.445652][ T404] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 27.449479][ T412] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.470828][ T419] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [pid 303] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 303] fstat(3, [pid 301] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] getdents64(3, [pid 301] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 301] <... openat resumed>) = 3 [pid 303] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] fstat(3, [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] lstat("./2/binderfs", [pid 301] getdents64(3, [pid 303] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 301] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] unlink("./2/binderfs" [pid 301] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 396] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] unlink("./2/binderfs" [pid 299] fstat(3, [pid 396] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 396] <... mmap resumed>) = 0x7f3c04738000 [pid 394] <... mmap resumed>) = 0x7f3c04717000 [pid 301] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 396] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 394] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE [pid 396] <... mprotect resumed>) = 0 [pid 394] <... mprotect resumed>) = 0 [pid 396] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 394] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 396] <... clone resumed>, parent_tid=[423], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 423 [pid 394] <... clone resumed>, parent_tid=[424], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 424 [pid 396] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 394] <... futex resumed>) = 0 [pid 396] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 394] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... fsconfig resumed>) = 0 [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] <... fsconfig resumed>) = 0 [pid 419] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 395] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 299] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] unlink("./2/binderfs") = 0 [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f3c047589e0, 24) = 0 [ 27.479220][ T412] EXT4-fs (loop2): 1 truncate cleaned up [ 27.484951][ T412] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.485004][ T395] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.495848][ T412] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/3/file0 supports timestamps until 2038 (0x7fffffff) [pid 423] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0./strace-static-x86_64: Process 424 attached [pid 412] <... mount resumed>) = 0 [pid 424] set_robust_list(0x7f3c047379e0, 24) = 0 [pid 424] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EUCLEAN (Structure needs cleaning) [pid 424] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 394] exit_group(0 [pid 419] <... futex resumed>) = ? [pid 394] <... exit_group resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 412] chdir("./file0") = 0 [pid 412] ioctl(4, LOOP_CLR_FD) = 0 [pid 412] close(4) = 0 [pid 395] <... futex resumed>) = ? [pid 395] +++ exited with 0 +++ [pid 394] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 302] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 302] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 302] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./2/binderfs") = 0 [pid 302] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 412] <... futex resumed>) = 1 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] fspick(AT_FDCWD, ".", 0) = 4 [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 303] <... umount2 resumed>) = 0 [pid 303] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 423] <... fsconfig resumed>) = 0 [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 303] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] close(4) = 0 [pid 303] rmdir("./2/file0") = 0 [pid 303] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 303] close(3) = 0 [pid 303] rmdir("./2") = 0 [pid 303] mkdir("./3", 0777) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 396] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... openat resumed>) = 3 [pid 404] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 1 [pid 404] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 303] close(3) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 426 [pid 423] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 426 attached [pid 299] <... umount2 resumed>) = 0 [pid 404] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 302] <... umount2 resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] lstat("./2/file0", [pid 301] lstat("./2/file0", [pid 299] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 396] <... futex resumed>) = 0 [pid 302] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... openat resumed>) = 4 [pid 299] <... openat resumed>) = 4 [pid 396] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 396] <... futex resumed>) = 1 [pid 302] lstat("./2/file0", [pid 404] <... futex resumed>) = 0 [pid 301] fstat(4, [pid 299] fstat(4, [pid 404] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 396] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 404] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] getdents64(4, [pid 299] getdents64(4, [pid 302] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 404] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... openat resumed>) = 4 [pid 301] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 302] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 302] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] getdents64(4, [pid 404] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 0 [pid 302] close(4 [pid 301] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 299] getdents64(4, [pid 412] <... fsconfig resumed>) = 0 [pid 404] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] exit_group(0 [pid 423] <... futex resumed>) = ? [pid 396] <... exit_group resumed>) = ? [pid 302] <... close resumed>) = 0 [pid 423] +++ exited with 0 +++ [pid 302] rmdir("./2/file0" [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = ? [pid 302] <... rmdir resumed>) = 0 [pid 301] close(4 [pid 299] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 302] getdents64(3, [pid 301] <... close resumed>) = 0 [pid 299] close(4 [pid 302] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 404] +++ exited with 0 +++ [pid 396] +++ exited with 0 +++ [pid 412] <... futex resumed>) = 1 [pid 411] <... futex resumed>) = 0 [pid 302] close(3 [pid 301] rmdir("./2/file0" [pid 299] <... close resumed>) = 0 [pid 412] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 299] rmdir("./2/file0" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 411] <... futex resumed>) = 0 [ 27.523100][ T423] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 27.535941][ T423] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.551604][ T423] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 27.556419][ T412] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 302] rmdir("./2" [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... rmdir resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 302] mkdir("./3", 0777) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 302] ioctl(3, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 302] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... openat resumed>) = 3 [pid 302] close(3 [pid 298] fstat(3, [pid 302] <... close resumed>) = 0 [pid 298] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] <... clone resumed>, child_tidptr=0x55555589e5d0) = 427 [pid 298] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] unlink("./2/binderfs") = 0 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x55555589e5e0, 24) = 0 [pid 427] chdir("./3") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 301] getdents64(3, [pid 299] getdents64(3, [pid 426] set_robust_list(0x55555589e5e0, 24 [pid 301] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 426] <... set_robust_list resumed>) = 0 [pid 301] close(3 [pid 299] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 426] chdir("./3" [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... close resumed>) = 0 [pid 426] <... chdir resumed>) = 0 [pid 299] close(3 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] rmdir("./2" [pid 299] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 426] <... prctl resumed>) = 0 [pid 301] mkdir("./3", 0777 [pid 299] rmdir("./2" [pid 427] <... openat resumed>) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 427] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[428], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 428 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 428] memfd_create("syzkaller", 0) = 3 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... rmdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 299] mkdir("./3", 0777 [pid 428] <... mmap resumed>) = 0x7f3c04719000 [pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 428] munmap(0x7f3c04719000, 262144) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 428] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... mkdir resumed>) = 0 [pid 426] setpgid(0, 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 426] <... setpgid resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] ioctl(3, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 426] <... openat resumed>) = 3 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 428] <... ioctl resumed>) = 0 [pid 426] write(3, "1000", 4 [pid 301] close(3 [pid 299] close(3 [pid 428] close(3 [pid 426] <... write resumed>) = 4 [pid 301] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 428] <... close resumed>) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 426] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] <... clone resumed>, child_tidptr=0x55555589e5d0) = 430 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x55555589e5d0) = 431 [pid 426] <... futex resumed>) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 426] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[432], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 432 [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 432] memfd_create("syzkaller", 0) = 3 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 ./strace-static-x86_64: Process 431 attached ./strace-static-x86_64: Process 430 attached [ 27.587908][ T412] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 27.602047][ T412] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.619158][ T428] loop4: detected capacity change from 0 to 512 [pid 431] set_robust_list(0x55555589e5e0, 24 [pid 411] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 411] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... set_robust_list resumed>) = 0 [pid 430] set_robust_list(0x55555589e5e0, 24 [pid 411] <... futex resumed>) = 0 [pid 431] chdir("./3" [pid 430] <... set_robust_list resumed>) = 0 [pid 412] <... fsconfig resumed>) = 0 [pid 431] <... chdir resumed>) = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 430] chdir("./3" [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 431] <... prctl resumed>) = 0 [pid 430] <... chdir resumed>) = 0 [pid 412] <... futex resumed>) = 0 [pid 431] setpgid(0, 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 412] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... setpgid resumed>) = 0 [pid 430] <... prctl resumed>) = 0 [pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 430] setpgid(0, 0 [pid 411] <... mmap resumed>) = 0x7f3c04738000 [pid 431] <... openat resumed>) = 3 [pid 430] <... setpgid resumed>) = 0 [pid 431] write(3, "1000", 4) = 4 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 411] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 431] close(3) = 0 [pid 430] <... openat resumed>) = 3 [pid 411] <... mprotect resumed>) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs" [pid 430] write(3, "1000", 4 [pid 431] <... symlink resumed>) = 0 [pid 430] <... write resumed>) = 4 [pid 411] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] close(3 [pid 431] <... futex resumed>) = 0 [pid 430] <... close resumed>) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 430] symlink("/dev/binderfs", "./binderfs" [pid 431] <... mmap resumed>) = 0x7f3c0cb19000 [pid 431] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 430] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 435 attached [pid 432] <... write resumed>) = 262144 [pid 431] <... mprotect resumed>) = 0 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... clone resumed>, parent_tid=[435], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 435 [pid 431] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 430] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 436] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 435] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EUCLEAN (Structure needs cleaning) [pid 435] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] munmap(0x7f3c04719000, 262144) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 432] ioctl(4, LOOP_SET_FD, 3 [pid 431] <... clone resumed>, parent_tid=[436], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 436 [pid 430] <... mmap resumed>) = 0x7f3c0cb19000 [pid 432] <... ioctl resumed>) = 0 [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 412] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 432] close(3) = 0 [pid 432] mkdir("./file0", 0777) = 0 [pid 432] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 431] <... futex resumed>) = 1 [pid 430] <... mprotect resumed>) = 0 [pid 412] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] <... futex resumed>) = 0 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 430] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 412] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 412] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 437 attached [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 430] <... clone resumed>, parent_tid=[437], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 437 [pid 412] <... futex resumed>) = 1 [pid 411] <... futex resumed>) = 0 [pid 298] lstat("./2/file0", [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] exit_group(0 [pid 298] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 437] set_robust_list(0x7f3c0cb399e0, 24 [pid 436] <... write resumed>) = 262144 [pid 435] <... futex resumed>) = ? [ 27.637064][ T412] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 27.649372][ T428] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.658309][ T432] loop5: detected capacity change from 0 to 512 [ 27.664722][ T428] System zones: 0-2, 18-18, 34-34 [ 27.670880][ T428] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 430] <... futex resumed>) = 0 [pid 411] <... exit_group resumed>) = ? [pid 435] +++ exited with 0 +++ [pid 436] munmap(0x7f3c04719000, 262144 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 412] <... futex resumed>) = ? [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] <... munmap resumed>) = 0 [pid 412] +++ exited with 0 +++ [pid 411] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 437] <... set_robust_list resumed>) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 298] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 437] memfd_create("syzkaller", 0 [pid 436] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 437] <... memfd_create resumed>) = 3 [pid 436] ioctl(4, LOOP_SET_FD, 3 [pid 298] fstat(4, [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 437] <... mmap resumed>) = 0x7f3c04719000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(4, [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 300] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] <... openat resumed>) = 3 [pid 298] getdents64(4, [pid 300] fstat(3, [pid 298] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] close(4 [pid 300] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 300] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 298] rmdir("./2/file0" [pid 300] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... rmdir resumed>) = 0 [pid 437] <... write resumed>) = 262144 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 300] lstat("./3/binderfs", [pid 298] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 300] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] close(3 [pid 300] unlink("./3/binderfs" [pid 298] <... close resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] rmdir("./2" [pid 437] munmap(0x7f3c04719000, 262144 [pid 436] <... ioctl resumed>) = 0 [pid 428] <... mount resumed>) = 0 [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] close(3 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 436] <... close resumed>) = 0 [pid 428] <... openat resumed>) = 3 [pid 436] mkdir("./file0", 0777 [pid 428] chdir("./file0" [pid 298] <... rmdir resumed>) = 0 [pid 436] <... mkdir resumed>) = 0 [pid 428] <... chdir resumed>) = 0 [pid 436] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 428] ioctl(4, LOOP_CLR_FD) = 0 [pid 428] close(4) = 0 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] <... munmap resumed>) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_SET_FD, 3 [pid 427] <... futex resumed>) = 0 [pid 298] mkdir("./3", 0777 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... ioctl resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [ 27.687534][ T428] EXT4-fs (loop4): 1 truncate cleaned up [ 27.693157][ T428] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.696568][ T436] loop1: detected capacity change from 0 to 512 [ 27.704475][ T428] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/3/file0 supports timestamps until 2038 (0x7fffffff) [ 27.722851][ T432] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.728267][ T437] loop3: detected capacity change from 0 to 512 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... openat resumed>) = 3 [pid 428] fspick(AT_FDCWD, ".", 0) = 4 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] close(3) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 440 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 428] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... socket resumed>) = 5 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 428] sendmsg(5, NULL, 0 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 427] <... futex resumed>) = 0 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... fsconfig resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 440 attached [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] set_robust_list(0x55555589e5e0, 24) = 0 [pid 440] chdir("./3") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 428] <... fsconfig resumed>) = 0 [pid 440] <... openat resumed>) = 3 [pid 440] write(3, "1000", 4 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... write resumed>) = 4 [pid 428] <... futex resumed>) = 1 [pid 427] <... futex resumed>) = 0 [pid 440] close(3 [pid 428] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... close resumed>) = 0 [pid 428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] <... futex resumed>) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs" [pid 428] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... symlink resumed>) = 0 [ 27.737741][ T432] System zones: 0-2, 18-18, 34-34 [ 27.746014][ T428] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 27.755361][ T437] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.756132][ T428] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 27.763801][ T432] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 440] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, [pid 440] <... mmap resumed>) = 0x7f3c0cb19000 [pid 300] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 440] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 300] close(4 [pid 440] <... mprotect resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 300] rmdir("./3/file0") = 0 [pid 300] getdents64(3, [pid 440] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 300] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 440] <... clone resumed>, parent_tid=[445], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 445 [pid 300] <... close resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] rmdir("./3" [pid 440] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 300] mkdir("./4", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 445 attached , child_tidptr=0x55555589e5d0) = 446 [ 27.772654][ T436] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 27.787661][ T437] System zones: [ 27.794325][ T436] System zones: 0-2, 18-18, 34-34 [ 27.802895][ T437] 0-2, 18-18, 34-34 [ 27.807676][ T436] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.821712][ T428] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] ./strace-static-x86_64: Process 446 attached [pid 445] set_robust_list(0x7f3c0cb399e0, 24 [pid 446] set_robust_list(0x55555589e5e0, 24 [pid 427] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] <... set_robust_list resumed>) = 0 [pid 445] <... set_robust_list resumed>) = 0 [pid 427] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] chdir("./4" [pid 445] memfd_create("syzkaller", 0 [pid 427] <... futex resumed>) = 0 [pid 446] <... chdir resumed>) = 0 [pid 445] <... memfd_create resumed>) = 3 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 427] <... mmap resumed>) = 0x7f3c04738000 [pid 446] <... prctl resumed>) = 0 [pid 445] <... mmap resumed>) = 0x7f3c04719000 [pid 427] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 446] setpgid(0, 0 [pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 427] <... mprotect resumed>) = 0 [pid 446] <... setpgid resumed>) = 0 [pid 445] <... write resumed>) = 262144 [pid 427] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 445] munmap(0x7f3c04719000, 262144 [pid 446] <... openat resumed>) = 3 [pid 445] <... munmap resumed>) = 0 [pid 427] <... clone resumed>, parent_tid=[447], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 447 [pid 446] write(3, "1000", 4 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 427] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... write resumed>) = 4 [pid 445] <... openat resumed>) = 4 [pid 427] <... futex resumed>) = 0 [pid 446] close(3 [ 27.825217][ T437] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.844405][ T436] EXT4-fs (loop1): 1 truncate cleaned up [ 27.849961][ T436] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.850044][ T436] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/3/file0 supports timestamps until 2038 (0x7fffffff) [ 27.861855][ T432] EXT4-fs (loop5): 1 truncate cleaned up [ 27.877312][ T445] loop0: detected capacity change from 0 to 512 [pid 445] ioctl(4, LOOP_SET_FD, 3 [pid 427] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... close resumed>) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 446] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[449], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 449 [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 445] <... ioctl resumed>) = 0 [pid 445] close(3) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue"./strace-static-x86_64: Process 449 attached ./strace-static-x86_64: Process 447 attached [pid 436] <... mount resumed>) = 0 [pid 432] <... mount resumed>) = 0 [pid 428] <... fsconfig resumed>) = 0 [pid 447] set_robust_list(0x7f3c047589e0, 24 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 447] <... set_robust_list resumed>) = 0 [pid 436] <... openat resumed>) = 3 [pid 432] <... openat resumed>) = 3 [pid 447] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 436] chdir("./file0" [pid 432] chdir("./file0" [pid 436] <... chdir resumed>) = 0 [pid 432] <... chdir resumed>) = 0 [pid 436] ioctl(4, LOOP_CLR_FD [pid 432] ioctl(4, LOOP_CLR_FD [pid 436] <... ioctl resumed>) = 0 [pid 432] <... ioctl resumed>) = 0 [pid 436] close(4 [pid 432] close(4 [pid 436] <... close resumed>) = 0 [pid 432] <... close resumed>) = 0 [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 436] <... futex resumed>) = 1 [pid 432] <... futex resumed>) = 1 [pid 431] <... futex resumed>) = 0 [pid 428] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] fspick(AT_FDCWD, ".", 0 [pid 432] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... fspick resumed>) = 4 [pid 431] <... futex resumed>) = 0 [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 0 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 436] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 431] <... futex resumed>) = 0 [pid 436] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 0 [pid 436] <... socket resumed>) = 5 [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 27.878507][ T428] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 27.886306][ T432] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.902437][ T432] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/3/file0 supports timestamps until 2038 (0x7fffffff) [ 27.903176][ T437] EXT4-fs (loop3): 1 truncate cleaned up [ 27.920957][ T447] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 449] munmap(0x7f3c04719000, 262144) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3 [pid 447] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 436] <... futex resumed>) = 1 [pid 432] fspick(AT_FDCWD, ".", 0 [pid 431] <... futex resumed>) = 0 [pid 427] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... ioctl resumed>) = 0 [pid 449] close(3) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... mount resumed>) = 0 [pid 428] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 447] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... openat resumed>) = 3 [pid 436] sendmsg(5, NULL, 0 [pid 432] <... fspick resumed>) = 4 [pid 431] <... futex resumed>) = 0 [pid 437] chdir("./file0") = 0 [pid 437] ioctl(4, LOOP_CLR_FD) = 0 [pid 437] close(4) = 0 [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 428] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] exit_group(0) = ? [pid 428] <... futex resumed>) = ? [pid 428] +++ exited with 0 +++ [pid 447] <... futex resumed>) = ? [pid 447] +++ exited with 0 +++ [pid 427] +++ exited with 0 +++ [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 302] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 302] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 302] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./3/binderfs") = 0 [pid 302] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 27.935273][ T437] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.939217][ T449] loop2: detected capacity change from 0 to 512 [ 27.946682][ T437] ext4 filesystem being mounted at /root/syzkaller.xspvsY/3/file0 supports timestamps until 2038 (0x7fffffff) [ 27.964003][ T428] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 27.964858][ T445] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 1 [pid 432] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 431] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 1 [pid 426] <... futex resumed>) = 0 [pid 437] <... futex resumed>) = 0 [pid 436] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] fspick(AT_FDCWD, ".", 0 [pid 436] <... fsconfig resumed>) = 0 [pid 431] <... futex resumed>) = 0 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... socket resumed>) = 5 [pid 437] <... fspick resumed>) = 4 [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 1 [pid 426] <... futex resumed>) = 0 [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 432] sendmsg(5, NULL, 0 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 437] <... futex resumed>) = 1 [pid 436] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = 0 [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] <... futex resumed>) = 0 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 431] <... futex resumed>) = 0 [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 437] <... socket resumed>) = 5 [pid 432] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... fsconfig resumed>) = 0 [pid 430] <... futex resumed>) = 0 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 426] <... futex resumed>) = 0 [pid 437] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 1 [pid 437] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... fsconfig resumed>) = 0 [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] <... futex resumed>) = 0 [pid 437] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = 0 [pid 437] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 432] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 27.987913][ T445] System zones: 0-2, 18-18, 34-34 [ 27.998473][ T436] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 27.999761][ T445] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.020756][ T449] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.029134][ T432] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... fsconfig resumed>) = 0 [pid 302] <... umount2 resumed>) = 0 [pid 437] <... fsconfig resumed>) = 0 [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... futex resumed>) = 1 [pid 437] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 431] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 432] <... fsconfig resumed>) = 0 [pid 431] <... futex resumed>) = 0 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 28.029175][ T437] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 28.037006][ T449] System zones: 0-2, 18-18, 34-34 [ 28.050498][ T445] EXT4-fs (loop0): 1 truncate cleaned up [ 28.057262][ T449] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.073585][ T437] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [pid 436] <... futex resumed>) = 1 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=16000000} [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] lstat("./3/file0", [pid 430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 430] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 430] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 430] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[455], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 455 [pid 430] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 455 attached [pid 436] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 432] <... futex resumed>) = 0 [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 455] set_robust_list(0x7f3c047589e0, 24 [pid 445] <... mount resumed>) = 0 [pid 432] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] <... futex resumed>) = 0 [pid 302] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 431] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 431] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[457], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 457 [pid 431] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 457] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 455] <... set_robust_list resumed>) = 0 [pid 455] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 445] chdir("./file0") = 0 [pid 445] ioctl(4, LOOP_CLR_FD) = 0 [pid 445] close(4) = 0 [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... futex resumed>) = 1 [pid 445] fspick(AT_FDCWD, ".", 0) = 4 [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... futex resumed>) = 1 [pid 445] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... futex resumed>) = 1 [pid 445] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... futex resumed>) = 1 [pid 445] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [ 28.074923][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.085040][ T437] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.102652][ T445] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/3/file0 supports timestamps until 2038 (0x7fffffff) [ 28.103596][ T436] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 28.115053][ T449] EXT4-fs (loop2): 1 truncate cleaned up [ 28.128718][ T432] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 437] <... fsconfig resumed>) = 0 [pid 302] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 457] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 457] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 431] <... futex resumed>) = 0 [pid 457] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 431] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 457] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 457] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... futex resumed>) = 1 [pid 445] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 437] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... openat resumed>) = 4 [ 28.138669][ T455] ------------[ cut here ]------------ [ 28.138665][ T437] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 28.138699][ T449] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.147104][ T436] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.152076][ T449] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 449] <... mount resumed>) = 0 [pid 440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 437] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] fstat(4, [pid 440] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 440] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[458], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 458 [pid 440] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 458] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 437] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 426] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... openat resumed>) = 3 [pid 437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 0 [pid 302] getdents64(4, [pid 449] chdir("./file0" [pid 437] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 430] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 449] <... chdir resumed>) = 0 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 449] ioctl(4, LOOP_CLR_FD [pid 426] <... mmap resumed>) = 0x7f3c04738000 [pid 449] <... ioctl resumed>) = 0 [pid 426] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 302] getdents64(4, [pid 449] close(4 [pid 426] <... mprotect resumed>) = 0 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [ 28.164496][ T455] WARNING: CPU: 0 PID: 455 at fs/ext4/xattr.c:2090 ext4_xattr_block_set+0x2fcf/0x37a0 [ 28.191631][ T432] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.198071][ T455] Modules linked in: [ 28.204436][ T455] CPU: 1 PID: 455 Comm: syz-executor261 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0 [ 28.206078][ T445] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 28.214866][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 28.224618][ T436] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [pid 440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 440] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04717000 [pid 440] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[461], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 461 [pid 440] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... close resumed>) = 0 [pid 426] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 302] close(4./strace-static-x86_64: Process 462 attached ./strace-static-x86_64: Process 461 attached [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 302] <... close resumed>) = 0 [pid 445] <... fsconfig resumed>) = 0 [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... fsconfig resumed>) = 0 [pid 436] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] exit_group(0 [pid 457] <... futex resumed>) = ? [pid 436] <... futex resumed>) = ? [pid 431] <... exit_group resumed>) = ? [pid 462] set_robust_list(0x7f3c047589e0, 24 [pid 461] set_robust_list(0x7f3c047379e0, 24 [pid 457] +++ exited with 0 +++ [pid 449] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 436] +++ exited with 0 +++ [pid 431] +++ exited with 0 +++ [pid 426] <... clone resumed>, parent_tid=[462], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 462 [pid 302] rmdir("./3/file0" [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 28.232691][ T455] RIP: 0010:ext4_xattr_block_set+0x2fcf/0x37a0 [ 28.254129][ T455] Code: 9f 78 ff 48 8b 7c 24 40 4c 89 e6 e8 5b dc db ff 45 31 e4 e9 61 fb ff ff e8 7e 9f 78 ff 45 31 e4 e9 54 fb ff ff e8 71 9f 78 ff <0f> 0b e9 ed f2 ff ff e8 65 9f 78 ff 0f 0b e9 f8 d7 ff ff 89 f9 80 [ 28.255014][ T458] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 28.274035][ T455] RSP: 0018:ffffc90000e86fa0 EFLAGS: 00010293 [pid 299] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 299] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] unlink("./3/binderfs") = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 462] <... set_robust_list resumed>) = 0 [pid 461] <... set_robust_list resumed>) = 0 [pid 449] fspick(AT_FDCWD, ".", 0 [pid 440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... rmdir resumed>) = 0 [pid 440] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 445] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 440] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 445] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 445] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 445] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... fsconfig resumed>) = 0 [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 462] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 461] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 449] <... fspick resumed>) = 4 [pid 426] <... futex resumed>) = 0 [pid 302] getdents64(3, [pid 458] <... fsconfig resumed>) = 0 [pid 458] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 28.288856][ T432] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 28.295485][ T458] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.297188][ T455] RAX: ffffffff81f74c4f RBX: 1ffff920001d0e71 RCX: ffff88810c7cbb40 [ 28.311444][ T458] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 28.312735][ T455] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [pid 458] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... futex resumed>) = 1 [pid 302] close(3 [pid 449] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 446] <... futex resumed>) = 0 [pid 302] <... close resumed>) = 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=44000000} [pid 449] <... socket resumed>) = 5 [pid 302] rmdir("./3" [pid 461] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 462] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 462] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] <... rmdir resumed>) = 0 [pid 302] mkdir("./4", 0777) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 302] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 302] close(3) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 464 [pid 461] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7f3c0cc127c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 449] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 449] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 449] sendmsg(5, NULL, 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 449] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 449] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 0 [pid 449] <... fsconfig resumed>) = 0 [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 449] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 449] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 464 attached [pid 426] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] exit_group(0 [pid 432] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 461] <... futex resumed>) = ? [pid 458] <... futex resumed>) = ? [pid 445] <... futex resumed>) = ? [pid 440] <... exit_group resumed>) = ? [pid 432] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 426] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] +++ exited with 0 +++ [pid 458] +++ exited with 0 +++ [pid 445] +++ exited with 0 +++ [pid 440] +++ exited with 0 +++ [pid 432] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 432] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] exit_group(0 [pid 462] <... futex resumed>) = ? [pid 426] <... exit_group resumed>) = ? [pid 462] +++ exited with 0 +++ [pid 432] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ [pid 464] set_robust_list(0x55555589e5e0, 24) = 0 [pid 464] chdir("./4") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 464] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[465], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 465 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [ 28.324505][ T462] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.328363][ T455] RBP: ffffc90000e871d0 R08: ffffffff81d5c294 R09: ffffed10218ee3ed [ 28.350673][ T455] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 28.361651][ T455] R13: 1ffff920001d0e22 R14: 0000000000000000 R15: dffffc0000000000 [ 28.370161][ T455] FS: 00007f3c04758700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 28.370571][ T449] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 465] munmap(0x7f3c04719000, 262144) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_SET_FD, 3 [pid 449] <... fsconfig resumed>) = 0 [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] <... ioctl resumed>) = 0 [pid 465] close(3) = 0 [pid 465] mkdir("./file0", 0777) = 0 [pid 465] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 303] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 303] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 303] unlink("./3/binderfs") = 0 [pid 303] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 446] <... futex resumed>) = 0 [pid 298] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 298] unlink("./3/binderfs") = 0 [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 446] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 449] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 446] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = 0 [ 28.378919][ T455] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.378937][ T455] CR2: 0000000000000000 CR3: 000000010b7ea000 CR4: 00000000003506b0 [ 28.394260][ T465] loop4: detected capacity change from 0 to 512 [ 28.401732][ T455] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.415659][ T455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.420640][ T449] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 28.423705][ T455] Call Trace: [ 28.437196][ T455] [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./3/file0", [pid 303] <... umount2 resumed>) = 0 [pid 303] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 303] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] close(4) = 0 [pid 303] rmdir("./3/file0") = 0 [pid 303] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 303] close(3) = 0 [pid 303] rmdir("./3") = 0 [pid 303] mkdir("./4", 0777) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 303] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 303] close(3) = 0 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 468 [pid 299] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] <... openat resumed>) = 4 [pid 446] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 446] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[469], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 469 [pid 446] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] fstat(4, [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] getdents64(4, [pid 298] rmdir("./3/file0" [pid 299] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./3") = 0 [pid 298] mkdir("./4", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 28.440916][ T465] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.443938][ T449] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.449243][ T465] System zones: [ 28.456592][ T455] ? __ext4_journal_ensure_credits+0x470/0x470 [ 28.466810][ T465] 0-2, 18-18, 34-34 [ 28.471315][ T455] ? ext4_xattr_block_find+0x520/0x520 [ 28.476896][ T455] ? ext4_reserve_inode_write+0x30b/0x3d0 [ 28.483151][ T455] ? ext4_mark_iloc_dirty+0x3f40/0x3f40 [pid 298] close(3 [pid 299] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 470 ./strace-static-x86_64: Process 468 attached [pid 299] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 468] set_robust_list(0x55555589e5e0, 24 [pid 299] <... close resumed>) = 0 [pid 468] <... set_robust_list resumed>) = 0 [pid 299] rmdir("./3/file0" [pid 468] chdir("./4" [pid 299] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 470 attached ./strace-static-x86_64: Process 469 attached [pid 468] <... chdir resumed>) = 0 [pid 446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 446] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] getdents64(3, [pid 470] set_robust_list(0x55555589e5e0, 24 [pid 469] set_robust_list(0x7f3c047589e0, 24 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 446] <... mmap resumed>) = 0x7f3c04717000 [pid 446] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[472], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 472 [pid 446] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... set_robust_list resumed>) = 0 [pid 469] <... set_robust_list resumed>) = 0 [pid 468] <... prctl resumed>) = 0 [pid 449] <... fsconfig resumed>) = 0 [pid 299] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 470] chdir("./4" [pid 449] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... chdir resumed>) = 0 [pid 449] <... futex resumed>) = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 449] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... prctl resumed>) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [ 28.488609][ T455] ? ext4_xattr_block_find+0xda/0x520 [ 28.494024][ T455] ext4_xattr_set_handle+0xdac/0x1560 [ 28.500816][ T455] ? sidtab_sid2str_put+0x2d7/0x640 [ 28.501982][ T465] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.505889][ T455] ? ext4_xattr_set_entry+0x3a40/0x3a40 [ 28.525571][ T455] ? selinux_inode_init_security+0x52d/0x780 [ 28.530264][ T449] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 472 attached ) = 0 [pid 472] set_robust_list(0x7f3c047379e0, 24 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 472] <... set_robust_list resumed>) = 0 [pid 470] <... mmap resumed>) = 0x7f3c0cb19000 [pid 472] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 470] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 468] setpgid(0, 0 [pid 299] close(3 [pid 470] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[473], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 473 [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 473] memfd_create("syzkaller", 0) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 468] <... setpgid resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 473] munmap(0x7f3c04719000, 262144) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] rmdir("./3" [pid 473] <... openat resumed>) = 4 [pid 473] ioctl(4, LOOP_SET_FD, 3 [pid 468] <... openat resumed>) = 3 [pid 446] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] <... rmdir resumed>) = 0 [pid 473] <... ioctl resumed>) = 0 [pid 473] close(3) = 0 [pid 473] mkdir("./file0", 0777) = 0 [pid 473] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 468] write(3, "1000", 4 [pid 299] mkdir("./4", 0777 [pid 468] <... write resumed>) = 4 [pid 468] close(3 [pid 299] <... mkdir resumed>) = 0 [ 28.531672][ T455] ? selinux_inode_free_security+0x210/0x210 [ 28.545370][ T455] ext4_initxattrs+0xa7/0x120 [ 28.545413][ T472] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.549985][ T455] security_inode_init_security+0x252/0x390 [ 28.569886][ T455] ? ext4_init_security+0x40/0x40 [ 28.575224][ T455] ? security_dentry_create_files_as+0xc0/0xc0 [ 28.576818][ T473] loop0: detected capacity change from 0 to 512 [ 28.581959][ T455] ? __ext4_set_acl+0x5e0/0x5e0 [pid 468] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] <... openat resumed>) = 3 [pid 472] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 472] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f3c0cc127c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] ioctl(3, LOOP_CLR_FD [pid 469] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 468] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 465] <... mount resumed>) = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("./file0") = 0 [ 28.592669][ T455] ? prandom_u32+0x24c/0x290 [ 28.597260][ T455] ext4_init_security+0x34/0x40 [ 28.598455][ T465] EXT4-fs (loop4): 1 truncate cleaned up [ 28.602297][ T455] __ext4_new_inode+0x3373/0x4230 [ 28.610235][ T465] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.613251][ T455] ? ext4_has_group_desc_csum+0x1f0/0x1f0 [ 28.624453][ T465] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4 [pid 469] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 469] <... futex resumed>) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... close resumed>) = 0 [pid 446] exit_group(0 [pid 472] <... futex resumed>) = ? [pid 449] <... futex resumed>) = ? [pid 446] <... exit_group resumed>) = ? [pid 472] +++ exited with 0 +++ [pid 449] +++ exited with 0 +++ [pid 468] <... mmap resumed>) = 0x7f3c0cb19000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 469] +++ exited with 0 +++ [pid 468] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 446] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 300] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 300] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 300] unlink("./4/binderfs") = 0 [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 468] <... mprotect resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x55555589e5d0) = 476 [pid 468] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[477], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 477 [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 465] <... close resumed>) = 0 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] fspick(AT_FDCWD, ".", 0) = 4 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 1 [pid 464] <... futex resumed>) = 0 [pid 465] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 28.629164][ T455] ? dquot_initialize+0x20/0x20 [ 28.645286][ T455] ? ext4_lookup+0x549/0xaa0 [ 28.650280][ T473] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.658125][ T473] System zones: 0-2, 18-18, 34-34 [ 28.663044][ T455] ? ext4_add_entry+0x12b0/0x12b0 [ 28.673011][ T455] ext4_create+0x275/0x550 [ 28.678927][ T455] ? ext4_lookup+0xaa0/0xaa0 [ 28.683788][ T455] ? selinux_inode_create+0x22/0x30 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 477] memfd_create("syzkaller", 0) = 3 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x55555589e5e0, 24) = 0 [pid 476] chdir("./4") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0 [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./4/file0") = 0 [pid 300] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./4") = 0 [pid 300] mkdir("./5", 0777 [pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 476] <... setpgid resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... close resumed>) = 0 [pid 430] exit_group(0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 430] <... exit_group resumed>) = ? [pid 300] <... clone resumed>, child_tidptr=0x55555589e5d0) = 478 [ 28.689103][ T455] ? security_inode_create+0xbc/0x100 [ 28.694450][ T455] ? ext4_lookup+0xaa0/0xaa0 [ 28.699221][ T455] path_openat+0x13a8/0x2f40 [ 28.699282][ T465] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 28.711606][ T455] ? do_filp_open+0x460/0x460 [ 28.716288][ T455] do_filp_open+0x21c/0x460 [ 28.720916][ T455] ? vfs_tmpfile+0x2c0/0x2c0 [ 28.725525][ T455] do_sys_openat2+0x13b/0x500 [pid 477] <... write resumed>) = 262144 [pid 476] <... openat resumed>) = 3 ./strace-static-x86_64: Process 478 attached [pid 465] <... fsconfig resumed>) = 0 [pid 478] set_robust_list(0x55555589e5e0, 24 [pid 477] munmap(0x7f3c04719000, 262144 [pid 476] write(3, "1000", 4 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 478] <... set_robust_list resumed>) = 0 [pid 477] <... munmap resumed>) = 0 [pid 476] <... write resumed>) = 4 [pid 465] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] chdir("./5" [pid 477] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 476] close(3 [pid 465] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 464] <... futex resumed>) = 0 [pid 478] <... chdir resumed>) = 0 [pid 477] <... openat resumed>) = 4 [pid 476] <... close resumed>) = 0 [pid 464] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 477] ioctl(4, LOOP_SET_FD, 3 [pid 476] symlink("/dev/binderfs", "./binderfs" [pid 478] <... prctl resumed>) = 0 [pid 476] <... symlink resumed>) = 0 [pid 478] setpgid(0, 0 [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... setpgid resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 478] <... openat resumed>) = 3 [pid 476] <... mmap resumed>) = 0x7f3c0cb19000 [pid 478] write(3, "1000", 4 [pid 476] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 478] <... write resumed>) = 4 [pid 476] <... mprotect resumed>) = 0 [pid 478] close(3 [pid 476] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 478] <... close resumed>) = 0 [pid 478] symlink("/dev/binderfs", "./binderfs" [pid 476] <... clone resumed>, parent_tid=[479], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 479 [pid 478] <... symlink resumed>) = 0 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = 0 [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 478] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 478] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[480], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 480 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x7f3c0cb399e0, 24./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 479] memfd_create("syzkaller", 0) = 3 [pid 479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 480] <... set_robust_list resumed>) = 0 [pid 479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 477] <... ioctl resumed>) = 0 [ 28.726674][ T473] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 28.730083][ T455] ? do_sys_open+0x220/0x220 [ 28.748517][ T455] ? ptrace_notify+0x24c/0x350 [ 28.750746][ T465] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 28.753389][ T455] __x64_sys_openat+0x243/0x290 [ 28.764002][ T477] loop5: detected capacity change from 0 to 512 [ 28.767177][ T455] ? __ia32_sys_open+0x270/0x270 [ 28.778433][ T455] ? __kasan_check_read+0x11/0x20 [ 28.783537][ T455] ? syscall_enter_from_user_mode+0x70/0x1b0 [pid 480] memfd_create("syzkaller", 0 [pid 477] close(3) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 479] munmap(0x7f3c04719000, 262144) = 0 [pid 479] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 480] <... memfd_create resumed>) = 3 [pid 479] ioctl(4, LOOP_SET_FD, 3 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 464] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 464] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 464] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[481], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 481 [pid 464] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... mmap resumed>) = 0x7f3c04719000 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 481] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 481] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [ 28.789767][ T455] do_syscall_64+0x3d/0xb0 [ 28.794334][ T455] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 28.800387][ T455] RIP: 0033:0x7f3c0cb8d679 [ 28.801310][ T479] loop1: detected capacity change from 0 to 512 [ 28.804834][ T455] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 28.815782][ T465] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 481] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 481] <... futex resumed>) = 1 [pid 481] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 480] munmap(0x7f3c04719000, 262144 [pid 479] <... ioctl resumed>) = 0 [pid 479] close(3) = 0 [pid 480] <... munmap resumed>) = 0 [pid 479] mkdir("./file0", 0777) = 0 [pid 479] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [ 28.830642][ T455] RSP: 002b:00007f3c047582f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 28.849189][ T455] RAX: ffffffffffffffda RBX: 00007f3c0cc127b0 RCX: 00007f3c0cb8d679 [ 28.857631][ T455] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c [ 28.857956][ T477] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.865470][ T455] RBP: 00007f3c0cbdf58c R08: 00007f3c04758700 R09: 0000000000000000 [ 28.865487][ T455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c0cbdf0c0 [pid 480] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_SET_FD, 3 [pid 437] <... openat resumed>) = ? [pid 437] +++ exited with 0 +++ [pid 455] <... openat resumed>) = ? [pid 455] +++ exited with 0 +++ [pid 430] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=79} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 301] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 301] unlink("./3/binderfs") = 0 [pid 301] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] <... ioctl resumed>) = 0 [pid 473] <... mount resumed>) = 0 [pid 480] close(3 [pid 473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 480] <... close resumed>) = 0 [ 28.865500][ T455] R13: 0000000020000ec0 R14: 0030656c69662f2e R15: 00007f3c0cc127b8 [ 28.878075][ T473] EXT4-fs (loop0): 1 truncate cleaned up [ 28.881331][ T455] [ 28.894225][ T473] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 28.896864][ T455] ---[ end trace ae5e43b253dd7531 ]--- [ 28.913039][ T477] System zones: [ 28.916272][ T473] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/4/file0 supports timestamps until 2038 (0x7fffffff) [ 28.936520][ T480] loop2: detected capacity change from 0 to 512 [pid 473] <... openat resumed>) = 3 [pid 480] mkdir("./file0", 0777 [pid 473] chdir("./file0" [pid 480] <... mkdir resumed>) = 0 [pid 473] <... chdir resumed>) = 0 [pid 480] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 473] ioctl(4, LOOP_CLR_FD) = 0 [pid 473] close(4) = 0 [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 473] fspick(AT_FDCWD, ".", 0 [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... fspick resumed>) = 4 [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 473] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... socket resumed>) = 5 [pid 470] <... futex resumed>) = 0 [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 473] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] <... futex resumed>) = 0 [pid 473] sendmsg(5, NULL, 0 [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... fsconfig resumed>) = 0 [pid 465] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] <... futex resumed>) = 1 [pid 464] exit_group(0 [pid 473] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... exit_group resumed>) = ? [pid 481] <... futex resumed>) = ? [pid 465] <... futex resumed>) = ? [pid 465] +++ exited with 0 +++ [ 28.942946][ T477] 0-2, 18-18, 34-34 [ 28.957420][ T465] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 28.970453][ T479] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 28.978580][ T477] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 481] +++ exited with 0 +++ [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] <... futex resumed>) = 0 [pid 464] +++ exited with 0 +++ [pid 301] <... umount2 resumed>) = 0 [pid 473] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 473] <... fsconfig resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] lstat("./3/file0", [pid 473] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = 0 [pid 301] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 473] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 470] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] close(4 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 301] <... close resumed>) = 0 [pid 301] rmdir("./3/file0") = 0 [pid 302] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] getdents64(3, [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 302] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] close(3 [pid 302] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] <... close resumed>) = 0 [pid 302] getdents64(3, [pid 301] rmdir("./3") = 0 [pid 301] mkdir("./4", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 28.979210][ T479] System zones: 0-2, 18-18, 34-34 [ 29.003146][ T473] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 29.012897][ T479] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.019103][ T480] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.034840][ T480] System zones: 0-2, 18-18, 34-34 [pid 301] close(3 [pid 302] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 301] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 489 [pid 473] <... fsconfig resumed>) = 0 [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... futex resumed>) = 0 [pid 302] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 470] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 470] <... futex resumed>) = 1 [pid 302] lstat("./4/binderfs", [pid 470] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./4/binderfs") = 0 [ 29.035325][ T477] EXT4-fs (loop5): 1 truncate cleaned up [ 29.045959][ T479] EXT4-fs (loop1): 1 truncate cleaned up [ 29.051213][ T477] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.052405][ T479] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.062389][ T477] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 302] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 489 attached [pid 477] <... mount resumed>) = 0 [pid 473] <... futex resumed>) = 0 [pid 489] set_robust_list(0x55555589e5e0, 24 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 473] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 477] <... openat resumed>) = 3 [pid 489] <... set_robust_list resumed>) = 0 [pid 489] chdir("./4" [pid 477] chdir("./file0" [pid 489] <... chdir resumed>) = 0 [pid 477] <... chdir resumed>) = 0 [pid 477] ioctl(4, LOOP_CLR_FD [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] <... ioctl resumed>) = 0 [pid 470] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 470] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 470] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[491], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 491 [pid 470] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 491] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 491] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 491] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 491] <... futex resumed>) = 1 [pid 491] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] setpgid(0, 0 [pid 479] <... mount resumed>) = 0 [pid 477] close(4 [pid 489] <... setpgid resumed>) = 0 [pid 477] <... close resumed>) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... openat resumed>) = 3 [pid 477] <... futex resumed>) = 1 [pid 468] <... futex resumed>) = 0 [pid 489] write(3, "1000", 4 [pid 477] fspick(AT_FDCWD, ".", 0 [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... write resumed>) = 4 [pid 477] <... fspick resumed>) = 4 [pid 468] <... futex resumed>) = 0 [pid 489] close(3 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... close resumed>) = 0 [pid 479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 477] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] symlink("/dev/binderfs", "./binderfs" [pid 479] <... openat resumed>) = 3 [pid 477] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... symlink resumed>) = 0 [pid 479] chdir("./file0" [pid 477] <... socket resumed>) = 5 [pid 468] <... futex resumed>) = 0 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... chdir resumed>) = 0 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 0 [pid 479] ioctl(4, LOOP_CLR_FD [pid 477] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 479] <... ioctl resumed>) = 0 [pid 477] sendmsg(5, NULL, 0 [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... mmap resumed>) = 0x7f3c0cb19000 [pid 479] close(4 [pid 477] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 468] <... futex resumed>) = 0 [pid 489] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE [pid 479] <... close resumed>) = 0 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... mprotect resumed>) = 0 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 29.075625][ T480] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.085211][ T479] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/4/file0 supports timestamps until 2038 (0x7fffffff) [ 29.110662][ T473] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 29.120668][ T473] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.120748][ T480] EXT4-fs (loop2): 1 truncate cleaned up [ 29.131818][ T480] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [pid 489] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 479] <... futex resumed>) = 1 [pid 477] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 468] <... futex resumed>) = 0 [pid 489] <... clone resumed>, parent_tid=[492], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 492 [pid 477] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... fsconfig resumed>) = 0 [pid 489] <... futex resumed>) = 0 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 468] <... futex resumed>) = 0 [pid 477] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 468] <... futex resumed>) = 0 [pid 477] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 492] memfd_create("syzkaller", 0) = 3 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... mount resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] fspick(AT_FDCWD, ".", 0) = 4 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 480] chdir("./file0") = 0 [pid 480] ioctl(4, LOOP_CLR_FD [pid 476] <... futex resumed>) = 0 [pid 480] <... ioctl resumed>) = 0 [pid 480] close(4) = 0 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 492] munmap(0x7f3c04719000, 262144) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 478] <... futex resumed>) = 0 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... openat resumed>) = 4 [pid 492] ioctl(4, LOOP_SET_FD, 3 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 1 [pid 478] <... futex resumed>) = 1 [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 0 [pid 479] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 1 [pid 480] fspick(AT_FDCWD, ".", 0 [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] <... fspick resumed>) = 4 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... fsconfig resumed>) = 0 [pid 473] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] exit_group(0 [pid 491] <... futex resumed>) = 231 [pid 470] <... exit_group resumed>) = ? [pid 478] <... futex resumed>) = 1 [pid 491] +++ exited with 0 +++ [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 1 [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 479] sendmsg(5, NULL, 0 [pid 480] <... socket resumed>) = 5 [pid 479] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 1 [pid 478] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 302] <... umount2 resumed>) = 0 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] <... futex resumed>) = ? [pid 473] +++ exited with 0 +++ [pid 470] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 298] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 298] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./4/binderfs", [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 478] <... futex resumed>) = 1 [pid 476] <... futex resumed>) = 1 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 298] unlink("./4/binderfs" [pid 480] sendmsg(5, NULL, 0 [pid 479] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 480] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 302] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 479] <... fsconfig resumed>) = 0 [pid 302] <... openat resumed>) = 4 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 480] <... futex resumed>) = 1 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 302] fstat(4, [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 492] <... ioctl resumed>) = 0 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] <... futex resumed>) = 1 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... fsconfig resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 302] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 29.148349][ T480] ext4 filesystem being mounted at /root/syzkaller.HeKiwU/5/file0 supports timestamps until 2038 (0x7fffffff) [ 29.164181][ T477] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 29.173196][ T473] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 29.185036][ T492] loop3: detected capacity change from 0 to 512 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] <... futex resumed>) = 0 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] getdents64(4, [pid 480] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 1 [pid 468] <... futex resumed>) = 0 [pid 480] <... fsconfig resumed>) = 0 [pid 479] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 0 [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 468] <... futex resumed>) = 0 [pid 480] <... futex resumed>) = 0 [pid 477] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] close(3 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] getdents64(4, [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 478] <... futex resumed>) = 0 [pid 302] close(4 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... close resumed>) = 0 [pid 302] rmdir("./4/file0") = 0 [pid 302] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 302] close(3) = 0 [pid 302] rmdir("./4") = 0 [pid 302] mkdir("./5", 0777) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 302] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 302] close(3 [pid 492] <... close resumed>) = 0 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 302] <... close resumed>) = 0 [pid 480] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 492] mkdir("./file0", 0777 [pid 479] <... fsconfig resumed>) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 492] <... mkdir resumed>) = 0 [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 479] <... futex resumed>) = 1 [pid 476] <... futex resumed>) = 0 [pid 302] <... clone resumed>, child_tidptr=0x55555589e5d0) = 494 [pid 479] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 476] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 494 attached ) = 0 [pid 494] set_robust_list(0x55555589e5e0, 24) = 0 [pid 494] chdir("./5") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 494] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 494] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[495], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 495 [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 476] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 298] <... umount2 resumed>) = 0 [ 29.201580][ T477] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 29.211991][ T479] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 29.212825][ T477] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.225895][ T479] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 29.239800][ T480] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [pid 495] memfd_create("syzkaller", 0 [pid 480] <... fsconfig resumed>) = 0 [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 298] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./4/file0" [pid 478] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] <... rmdir resumed>) = 0 [pid 478] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 478] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 478] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] close(3 [pid 478] <... mmap resumed>) = 0x7f3c04738000 [pid 478] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 298] <... close resumed>) = 0 [pid 478] <... mprotect resumed>) = 0 [pid 478] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 298] rmdir("./4" [pid 478] <... clone resumed>, parent_tid=[498], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 498 [pid 298] <... rmdir resumed>) = 0 [pid 478] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mkdir("./5", 0777 [pid 478] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 499 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 495] <... memfd_create resumed>) = 3 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 468] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 468] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[500], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 500 [pid 495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 468] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 499 attached ) = 0 [pid 468] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 500 attached ./strace-static-x86_64: Process 498 attached [pid 477] <... fsconfig resumed>) = 0 [pid 498] set_robust_list(0x7f3c047589e0, 24 [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] set_robust_list(0x7f3c047589e0, 24 [pid 499] set_robust_list(0x55555589e5e0, 24) = 0 [pid 500] <... set_robust_list resumed>) = 0 [pid 499] chdir("./5" [pid 498] <... set_robust_list resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 499] <... chdir resumed>) = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 498] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 477] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... openat resumed>) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 499] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[502], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 502 [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 502 attached [pid 500] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 495] <... write resumed>) = 262144 [pid 476] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 476] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 476] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[504], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 504 [pid 476] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 504] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 504] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 504] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 504] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] set_robust_list(0x7f3c0cb399e0, 24 [pid 500] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] munmap(0x7f3c04719000, 262144 [pid 502] <... set_robust_list resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 495] <... munmap resumed>) = 0 [pid 468] <... futex resumed>) = 0 [pid 502] memfd_create("syzkaller", 0 [pid 500] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 468] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... memfd_create resumed>) = 3 [pid 495] <... openat resumed>) = 4 [pid 477] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = 1 [ 29.240146][ T479] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.257287][ T477] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 29.273025][ T498] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 29.275912][ T492] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.284522][ T498] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 495] ioctl(4, LOOP_SET_FD, 3 [pid 477] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 468] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... mmap resumed>) = 0x7f3c04719000 [pid 478] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 477] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = 1 [pid 480] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... openat resumed>) = 6 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 478] <... futex resumed>) = 0 [pid 480] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 478] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... openat resumed>) = 7 [pid 478] <... futex resumed>) = 0 [pid 480] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 480] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] <... ioctl resumed>) = 0 [pid 495] close(3) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 502] <... write resumed>) = 262144 [pid 502] munmap(0x7f3c04719000, 262144) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 477] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 468] <... futex resumed>) = 0 [pid 477] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] exit_group(0 [pid 500] <... futex resumed>) = ? [pid 477] <... futex resumed>) = ? [pid 468] <... exit_group resumed>) = ? [pid 502] <... openat resumed>) = 4 [pid 502] ioctl(4, LOOP_SET_FD, 3 [pid 500] +++ exited with 0 +++ [pid 479] <... fsconfig resumed>) = 0 [pid 477] +++ exited with 0 +++ [pid 468] +++ exited with 0 +++ [pid 502] <... ioctl resumed>) = 0 [ 29.293202][ T492] System zones: 0-2, 18-18, 34-34 [ 29.301485][ T495] loop4: detected capacity change from 0 to 512 [ 29.304544][ T492] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.309031][ T479] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.338136][ T479] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 29.338844][ T502] loop0: detected capacity change from 0 to 512 [pid 502] close(3) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 479] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 303] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 303] unlink("./4/binderfs") = 0 [pid 303] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 476] exit_group(0 [pid 504] <... futex resumed>) = ? [pid 476] <... exit_group resumed>) = ? [pid 504] +++ exited with 0 +++ [pid 479] <... futex resumed>) = ? [pid 479] +++ exited with 0 +++ [pid 476] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=476, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 299] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] unlink("./4/binderfs") = 0 [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 492] <... mount resumed>) = 0 [pid 492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 492] chdir("./file0") = 0 [pid 492] ioctl(4, LOOP_CLR_FD) = 0 [pid 492] close(4) = 0 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] fspick(AT_FDCWD, ".", 0) = 4 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 492] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 29.347971][ T492] EXT4-fs (loop3): 1 truncate cleaned up [ 29.357764][ T492] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.369255][ T492] ext4 filesystem being mounted at /root/syzkaller.xspvsY/4/file0 supports timestamps until 2038 (0x7fffffff) [ 29.384856][ T498] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = 0 [pid 489] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 489] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 489] <... futex resumed>) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 489] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[510], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 510 [pid 489] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... fsconfig resumed>) = 0 [pid 492] <... fsconfig resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 510 attached [pid 498] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [ 29.400190][ T495] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.404055][ T492] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 29.408141][ T495] System zones: [ 29.416015][ T502] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.416101][ T495] 0-2 [ 29.419861][ T502] System zones: [ 29.429045][ T498] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 29.436581][ T502] 0-2 [ 29.441211][ T495] , 18-18 [ 29.443068][ T502] , 18-18 [ 29.443928][ T495] , 34-34 [pid 299] lstat("./4/file0", [pid 510] set_robust_list(0x7f3c047589e0, 24 [pid 498] <... futex resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 478] exit_group(0 [pid 299] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 510] <... set_robust_list resumed>) = 0 [pid 510] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 492] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] <... futex resumed>) = ? [pid 478] <... exit_group resumed>) = ? [pid 303] <... umount2 resumed>) = 0 [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 303] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] close(4) = 0 [pid 498] +++ exited with 0 +++ [pid 489] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 480] +++ exited with 0 +++ [pid 478] +++ exited with 0 +++ [pid 303] rmdir("./4/file0" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=478, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- [pid 299] <... openat resumed>) = 4 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 299] fstat(4, [pid 300] <... restart_syscall resumed>) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] close(4 [pid 300] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 300] fstat(3, [pid 299] rmdir("./4/file0" [pid 300] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 300] getdents64(3, [pid 299] getdents64(3, [pid 300] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 299] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 303] <... rmdir resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [ 29.447136][ T502] , 34-34 [ 29.449279][ T495] [ 29.452705][ T502] [ 29.456460][ T495] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.458410][ T510] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 29.459881][ T502] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.496671][ T495] EXT4-fs (loop4): 1 truncate cleaned up [pid 300] lstat("./5/binderfs", [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 1 [pid 299] rmdir("./4" [pid 492] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] getdents64(3, [pid 300] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 492] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 300] unlink("./5/binderfs" [pid 299] mkdir("./5", 0777 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 492] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 511 ./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x55555589e5e0, 24) = 0 [pid 511] chdir("./5") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 511] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 303] <... getdents64 resumed>0x55555589f620 /* 0 entries */, 32768) = 0 [pid 511] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[512], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 512 [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 512] memfd_create("syzkaller", 0) = 3 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 489] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] close(3 [pid 495] <... mount resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 1 [pid 303] <... close resumed>) = 0 [pid 492] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 489] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] rmdir("./4" [pid 492] <... openat resumed>) = -1 EROFS (Read-only file system) [pid 303] <... rmdir resumed>) = 0 [pid 492] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] mkdir("./5", 0777 [pid 492] <... futex resumed>) = 1 [pid 489] <... futex resumed>) = 0 [pid 303] <... mkdir resumed>) = 0 [pid 492] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 303] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 303] close(3 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 303] <... close resumed>) = 0 [pid 512] <... write resumed>) = 262144 [pid 495] <... openat resumed>) = 3 [pid 303] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 513 attached [pid 512] munmap(0x7f3c04719000, 262144 [pid 495] chdir("./file0" [pid 512] <... munmap resumed>) = 0 [pid 495] <... chdir resumed>) = 0 [pid 303] <... clone resumed>, child_tidptr=0x55555589e5d0) = 513 [pid 512] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 495] ioctl(4, LOOP_CLR_FD [pid 512] <... openat resumed>) = 4 [pid 495] <... ioctl resumed>) = 0 [pid 512] ioctl(4, LOOP_SET_FD, 3 [pid 495] close(4) = 0 [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 495] fspick(AT_FDCWD, ".", 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... fspick resumed>) = 4 [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 495] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [ 29.503223][ T495] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.514528][ T495] ext4 filesystem being mounted at /root/syzkaller.XlkTr1/5/file0 supports timestamps until 2038 (0x7fffffff) [ 29.526555][ T510] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.538024][ T502] EXT4-fs (loop0): 1 truncate cleaned up [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... socket resumed>) = 5 [pid 513] set_robust_list(0x55555589e5e0, 24) = 0 [pid 513] chdir("./5") = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 513] write(3, "1000", 4) = 4 [pid 513] close(3) = 0 [pid 513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 513] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[514], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 514 [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 514] memfd_create("syzkaller", 0 [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... memfd_create resumed>) = 3 [pid 512] <... ioctl resumed>) = 0 [pid 502] <... mount resumed>) = 0 [pid 495] <... futex resumed>) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 495] sendmsg(5, NULL, 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 495] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... fsconfig resumed>) = 0 [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 495] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 502] chdir("./file0") = 0 [pid 502] ioctl(4, LOOP_CLR_FD) = 0 [pid 502] close(4) = 0 [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] close(3) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 512] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 514] <... write resumed>) = 262144 [pid 514] munmap(0x7f3c04719000, 262144) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_SET_FD, 3 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... ioctl resumed>) = 0 [pid 514] close(3) = 0 [pid 514] mkdir("./file0", 0777) = 0 [pid 514] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 510] <... fsconfig resumed>) = 0 [pid 510] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] <... futex resumed>) = 0 [pid 502] fspick(AT_FDCWD, ".", 0) = 4 [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] <... futex resumed>) = 0 [pid 502] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] sendmsg(5, NULL, 0) = -1 EFAULT (Bad address) [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 502] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 495] <... fsconfig resumed>) = 0 [pid 489] exit_group(0 [pid 300] <... umount2 resumed>) = 0 [pid 492] <... futex resumed>) = ? [pid 489] <... exit_group resumed>) = ? [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 492] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 29.543726][ T502] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.551325][ T512] loop1: detected capacity change from 0 to 512 [ 29.554985][ T502] ext4 filesystem being mounted at /root/syzkaller.iUXvEJ/5/file0 supports timestamps until 2038 (0x7fffffff) [ 29.572985][ T510] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 29.579180][ T514] loop5: detected capacity change from 0 to 512 [ 29.587498][ T495] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [pid 300] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 300] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./5/file0" [pid 510] <... futex resumed>) = ? [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... rmdir resumed>) = 0 [pid 300] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./5") = 0 [pid 300] mkdir("./6", 0777 [pid 510] +++ exited with 0 +++ [pid 495] <... futex resumed>) = 1 [pid 494] <... futex resumed>) = 0 [pid 489] +++ exited with 0 +++ [pid 300] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 495] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 502] <... fsconfig resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 300] ioctl(3, LOOP_CLR_FD [pid 301] <... restart_syscall resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 494] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 301] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... clone resumed>, child_tidptr=0x55555589e5d0) = 519 [pid 301] <... openat resumed>) = 3 [pid 301] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(3, 0x55555589f620 /* 4 entries */, 32768) = 112 [pid 301] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 301] unlink("./4/binderfs") = 0 [pid 301] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 519 attached [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] set_robust_list(0x55555589e5e0, 24 [pid 502] <... futex resumed>) = 1 [pid 499] <... futex resumed>) = 0 [pid 519] <... set_robust_list resumed>) = 0 [pid 502] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] chdir("./6" [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] <... futex resumed>) = 0 [pid 519] <... chdir resumed>) = 0 [pid 502] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 29.596462][ T502] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 29.608745][ T495] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 29.619276][ T512] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.619622][ T495] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 29.627365][ T512] System zones: 0-2, 18-18, 34-34 [ 29.641672][ T514] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 499] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 519] setpgid(0, 0 [pid 494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 499] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 499] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE [pid 519] <... setpgid resumed>) = 0 [pid 499] <... mprotect resumed>) = 0 [pid 494] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[522], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 522 [pid 499] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 519] write(3, "1000", 4) = 4 [pid 519] close(3) = 0 [pid 519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 519] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 519] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 519] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[523], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 523 [pid 519] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x7f3c0cb399e0, 24) = 0 [ 29.642650][ T502] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 29.649503][ T514] System zones: 0-2, 18-18, 34-34 [ 29.659898][ T512] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.665612][ T514] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.678187][ T502] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [pid 523] memfd_create("syzkaller", 0) = 3 [pid 523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 494] <... futex resumed>) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 494] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 522 attached [pid 523] <... write resumed>) = 262144 [pid 495] <... fsconfig resumed>) = 0 [pid 494] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 301] <... umount2 resumed>) = 0 [pid 301] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 301] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 301] rmdir("./4/file0") = 0 [pid 301] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./4") = 0 [pid 301] mkdir("./5", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 525 [ 29.700344][ T495] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 29.709317][ T512] EXT4-fs (loop1): 1 truncate cleaned up [ 29.709325][ T514] EXT4-fs (loop5): 1 truncate cleaned up [ 29.709342][ T514] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.715045][ T512] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.721182][ T514] ext4 filesystem being mounted at /root/syzkaller.ocl8L5/5/file0 supports timestamps until 2038 (0x7fffffff) [pid 523] munmap(0x7f3c04719000, 262144 [pid 522] set_robust_list(0x7f3c047589e0, 24 [pid 499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... munmap resumed>) = 0 [pid 522] <... set_robust_list resumed>) = 0 [pid 499] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 494] <... clone resumed>, parent_tid=[526], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 526 [pid 523] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 522] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 499] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... openat resumed>) = 4 [pid 522] <... openat resumed>) = 6 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 494] <... futex resumed>) = 0 [pid 523] ioctl(4, LOOP_SET_FD, 3 [pid 522] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... mmap resumed>) = 0x7f3c04717000 [pid 494] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 526 attached ./strace-static-x86_64: Process 525 attached [pid 522] <... futex resumed>) = 0 [pid 514] <... mount resumed>) = 0 [pid 512] <... mount resumed>) = 0 [pid 499] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE [pid 526] set_robust_list(0x7f3c047589e0, 24 [pid 525] set_robust_list(0x55555589e5e0, 24 [pid 522] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 526] <... set_robust_list resumed>) = 0 [pid 525] <... set_robust_list resumed>) = 0 [pid 514] <... openat resumed>) = 3 [pid 512] <... openat resumed>) = 3 [pid 526] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 525] chdir("./5" [pid 514] chdir("./file0" [pid 512] chdir("./file0" [pid 525] <... chdir resumed>) = 0 [pid 514] <... chdir resumed>) = 0 [pid 512] <... chdir resumed>) = 0 [pid 525] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 514] ioctl(4, LOOP_CLR_FD [pid 512] ioctl(4, LOOP_CLR_FD [pid 525] <... prctl resumed>) = 0 [pid 514] <... ioctl resumed>) = 0 [pid 512] <... ioctl resumed>) = 0 [pid 525] setpgid(0, 0 [pid 514] close(4 [pid 512] close(4 [pid 525] <... setpgid resumed>) = 0 [pid 523] <... ioctl resumed>) = 0 [pid 514] <... close resumed>) = 0 [pid 512] <... close resumed>) = 0 [pid 499] <... mprotect resumed>) = 0 [pid 525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 514] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] <... openat resumed>) = 3 [pid 514] <... futex resumed>) = 1 [pid 512] <... futex resumed>) = 1 [pid 525] write(3, "1000", 4 [pid 514] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 525] <... write resumed>) = 4 [pid 525] close(3) = 0 [pid 525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 525] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 525] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 525] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[527], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 527 [pid 525] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 526] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 523] close(3 [pid 513] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 0 [pid 499] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 527 attached [pid 526] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... close resumed>) = 0 [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... fsconfig resumed>) = 0 [pid 527] set_robust_list(0x7f3c0cb399e0, 24 [pid 526] <... futex resumed>) = 1 [pid 523] mkdir("./file0", 0777 [pid 514] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 512] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 494] <... futex resumed>) = 0 [pid 527] <... set_robust_list resumed>) = 0 [pid 526] futex(0x7f3c0cc127b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... mkdir resumed>) = 0 [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... clone resumed>, parent_tid=[528], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 528 [pid 527] memfd_create("syzkaller", 0 [pid 523] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 514] fspick(AT_FDCWD, ".", 0 [pid 512] fspick(AT_FDCWD, ".", 0 [pid 502] <... futex resumed>) = 0 [pid 499] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... memfd_create resumed>) = 3 [pid 514] <... fspick resumed>) = 4 [pid 512] <... fspick resumed>) = 4 [pid 499] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = 1 [pid 514] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 0 [pid 495] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 494] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x7f3c047379e0, 24 [pid 495] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 514] <... futex resumed>) = 1 [pid 513] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 511] <... futex resumed>) = 0 [pid 495] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 1 [pid 494] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 0 [pid 514] <... socket resumed>) = 5 [pid 494] exit_group(0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] <... socket resumed>) = 5 [pid 494] <... exit_group resumed>) = ? [pid 526] <... futex resumed>) = ? [pid 514] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 526] +++ exited with 0 +++ [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] <... set_robust_list resumed>) = 0 [ 29.740713][ T512] ext4 filesystem being mounted at /root/syzkaller.RmIcRO/5/file0 supports timestamps until 2038 (0x7fffffff) [ 29.762455][ T523] loop2: detected capacity change from 0 to 512 [ 29.771297][ T502] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 29.785923][ T502] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [pid 528] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 514] sendmsg(5, NULL, 0 [pid 513] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 511] <... futex resumed>) = 0 [pid 502] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] +++ exited with 0 +++ [pid 494] +++ exited with 0 +++ [pid 527] <... mmap resumed>) = 0x7f3c04719000 [pid 514] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 514] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... futex resumed>) = 0 [pid 527] <... write resumed>) = 262144 [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] sendmsg(5, NULL, 0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] munmap(0x7f3c04719000, 262144 [pid 514] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 513] <... futex resumed>) = 0 [pid 512] <... sendmsg resumed>) = -1 EFAULT (Bad address) [pid 302] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 527] <... munmap resumed>) = 0 [pid 514] <... fsconfig resumed>) = 0 [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 527] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 514] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 1 [pid 511] <... futex resumed>) = 0 [pid 302] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 527] <... openat resumed>) = 4 [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... openat resumed>) = 3 [pid 527] ioctl(4, LOOP_SET_FD, 3 [pid 514] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 513] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... futex resumed>) = 0 [pid 302] fstat(3, [pid 513] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 512] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 512] <... fsconfig resumed>) = 0 [pid 302] getdents64(3, [pid 512] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 512] <... futex resumed>) = 1 [pid 511] <... futex resumed>) = 0 [pid 302] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 512] futex(0x7f3c0cc127a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... futex resumed>) = 0 [pid 302] lstat("./5/binderfs", [pid 512] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 511] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 302] unlink("./5/binderfs") = 0 [pid 302] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 527] <... ioctl resumed>) = 0 [pid 527] close(3) = 0 [pid 527] mkdir("./file0", 0777) = 0 [ 29.798730][ T528] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 29.810272][ T528] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 29.816179][ T527] loop3: detected capacity change from 0 to 512 [ 29.818520][ T528] CPU: 0 PID: 528 Comm: syz-executor261 Tainted: G W 5.15.106-syzkaller-00249-g19c0ed55a470 #0 [ 29.831242][ T514] EXT4-fs (loop5): re-mounted. Opts: (null). Quota mode: writeback. [ 29.836135][ T528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 29.836149][ T528] RIP: 0010:ext4_acquire_dquot+0x22e/0x3f0 [ 29.844806][ T512] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback. [ 29.853835][ T528] Code: 9c d8 80 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 b0 fa ba ff 4c 8b 33 49 83 c6 28 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 93 fa ba ff bb c8 03 00 00 49 03 [ 29.853855][ T528] RSP: 0018:ffffc900012f7498 EFLAGS: 00010206 [ 29.853875][ T528] RAX: 0000000000000005 RBX: ffff8881063d9180 RCX: ffff888110b9e2c0 [pid 527] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 513] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[529], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 529 [pid 513] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] <... futex resumed>) = 0 [pid 511] futex(0x7f3c0cc127bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... futex resumed>) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04738000 [pid 511] mprotect(0x7f3c04739000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] clone(child_stack=0x7f3c047583f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[530], tls=0x7f3c04758700, child_tidptr=0x7f3c047589d0) = 530 [pid 511] futex(0x7f3c0cc127b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f3c0cc127bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 529] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x7f3c047589e0, 24) = 0 [pid 530] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c04717000 [pid 513] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 513] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 511] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 513] <... clone resumed>, parent_tid=[531], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 531 [pid 511] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 513] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... mmap resumed>) = 0x7f3c04717000 [ 29.853889][ T528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 29.908342][ T528] RBP: ffffc900012f74e8 R08: ffffffff81f637df R09: ffffed10238be5cb [ 29.916758][ T528] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000162 [ 29.924691][ T528] R13: 0000000000000049 R14: 0000000000000028 R15: dffffc0000000000 [ 29.932508][ T528] FS: 00007f3c04737700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 29.941285][ T528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.947694][ T528] CR2: 00007ffee9b537c0 CR3: 0000000104fe3000 CR4: 00000000003506b0 [ 29.955524][ T528] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.963318][ T528] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.971124][ T528] Call Trace: [ 29.974252][ T528] [ 29.977035][ T528] dqget+0x9d4/0xde0 [ 29.980769][ T528] __dquot_initialize+0x2d9/0xe10 [ 29.985624][ T528] ? __kasan_check_write+0x14/0x20 [ 29.990575][ T528] ? lockref_get_or_lock+0x2b0/0x2b0 [ 29.995689][ T528] ? dquot_initialize+0x20/0x20 [ 30.000377][ T528] ? fsverity_file_open+0xbe/0x300 [ 30.005325][ T528] ? fsverity_get_descriptor+0x490/0x490 [ 30.010801][ T528] ? dput+0x2b5/0x320 [ 30.014702][ T528] ? generic_file_open+0x9a/0xd0 [ 30.019559][ T528] dquot_file_open+0x83/0xb0 [ 30.023991][ T528] ext4_file_open+0x2cf/0x700 [ 30.028502][ T528] ? ext4_file_mmap+0x1c0/0x1c0 [ 30.033208][ T528] ? selinux_file_receive+0x150/0x150 [ 30.038396][ T528] ? __kasan_check_read+0x11/0x20 [ 30.043249][ T528] ? fsnotify_perm+0x470/0x5d0 [ 30.047853][ T528] ? ext4_file_mmap+0x1c0/0x1c0 [pid 511] mprotect(0x7f3c04718000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] clone(child_stack=0x7f3c047373f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[532], tls=0x7f3c04737700, child_tidptr=0x7f3c047379d0) = 532 [pid 511] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x7f3c047379e0, 24) = 0 [pid 531] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 531] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 531] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 1 [pid 531] futex(0x7f3c0cc127c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x7f3c047379e0, 24) = 0 [pid 532] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 532] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7f3c0cc127c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f3c0cc127cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EROFS (Read-only file system) [pid 532] futex(0x7f3c0cc127cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 532] futex(0x7f3c0cc127c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] exit_group(0 [pid 502] <... futex resumed>) = ? [pid 499] <... exit_group resumed>) = ? [pid 502] +++ exited with 0 +++ [pid 522] <... futex resumed>) = ? [pid 522] +++ exited with 0 +++ [pid 513] exit_group(0 [pid 531] <... futex resumed>) = ? [pid 529] <... fsconfig resumed>) = ? [pid 513] <... exit_group resumed>) = ? [pid 531] +++ exited with 0 +++ [pid 529] +++ exited with 0 +++ [pid 511] exit_group(0 [pid 532] <... futex resumed>) = ? [ 30.052551][ T528] do_dentry_open+0x81c/0xfd0 [ 30.057058][ T528] vfs_open+0x73/0x80 [ 30.060877][ T528] path_openat+0x26f0/0x2f40 [ 30.065310][ T528] ? kmem_cache_alloc+0xf5/0x200 [ 30.070077][ T528] ? do_filp_open+0x460/0x460 [ 30.074586][ T528] do_filp_open+0x21c/0x460 [ 30.078923][ T528] ? vfs_tmpfile+0x2c0/0x2c0 [ 30.083358][ T528] do_sys_openat2+0x13b/0x500 [ 30.087866][ T528] ? do_sys_open+0x220/0x220 [ 30.092295][ T528] ? ptrace_notify+0x24c/0x350 [ 30.096898][ T528] __x64_sys_openat+0x243/0x290 [ 30.101581][ T528] ? __ia32_sys_open+0x270/0x270 [ 30.106360][ T528] ? __kasan_check_read+0x11/0x20 [ 30.111216][ T528] ? syscall_enter_from_user_mode+0x70/0x1b0 [ 30.117025][ T528] do_syscall_64+0x3d/0xb0 [ 30.121292][ T528] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 30.127009][ T528] RIP: 0033:0x7f3c0cb8d679 [ 30.131277][ T528] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 530] <... fsconfig resumed>) = ? [pid 511] <... exit_group resumed>) = ? [pid 532] +++ exited with 0 +++ [pid 530] +++ exited with 0 +++ [ 30.150718][ T528] RSP: 002b:00007f3c047372f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 30.158977][ T528] RAX: ffffffffffffffda RBX: 00007f3c0cc127c0 RCX: 00007f3c0cb8d679 [ 30.166758][ T528] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c [ 30.174573][ T528] RBP: 00007f3c0cbdf58c R08: 00007f3c04737700 R09: 0000000000000000 [ 30.182384][ T528] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c0cbdf0c0 [ 30.190192][ T528] R13: 0000000020000ec0 R14: 0030656c69662f2e R15: 00007f3c0cc127c8 [ 30.198011][ T528] [ 30.200867][ T528] Modules linked in: [pid 514] <... fsconfig resumed>) = ? [pid 512] <... fsconfig resumed>) = ? [pid 514] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ [pid 512] +++ exited with 0 +++ [pid 511] +++ exited with 0 +++ [pid 303] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 303] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 303] fstat(3, [pid 299] fstat(3, [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(3, [pid 299] getdents64(3, [pid 303] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 303] unlink("./5/binderfs") = 0 [pid 299] <... getdents64 resumed>0x55555589f620 /* 4 entries */, 32768) = 112 [pid 303] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 299] unlink("./5/binderfs") = 0 [ 30.205080][ T528] ---[ end trace ae5e43b253dd7532 ]--- [ 30.210773][ T528] RIP: 0010:ext4_acquire_dquot+0x22e/0x3f0 [ 30.216656][ T528] Code: 9c d8 80 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 b0 fa ba ff 4c 8b 33 49 83 c6 28 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 93 fa ba ff bb c8 03 00 00 49 03 [ 30.225595][ T523] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 30.236692][ T528] RSP: 0018:ffffc900012f7498 EFLAGS: 00010206 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 302] <... umount2 resumed>) = 0 [pid 302] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 302] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 302] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 302] getdents64(4, 0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 302] getdents64(4, 0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 302] close(4) = 0 [pid 302] rmdir("./5/file0") = 0 [pid 302] getdents64(3, 0x55555589f620 /* 0 entries */, 32768) = 0 [pid 302] close(3) = 0 [pid 302] rmdir("./5") = 0 [ 30.245081][ T527] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 30.249954][ T528] RAX: 0000000000000005 RBX: ffff8881063d9180 RCX: ffff888110b9e2c0 [ 30.249974][ T528] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 30.258704][ T527] System zones: [ 30.265945][ T528] RBP: ffffc900012f74e8 R08: ffffffff81f637df R09: ffffed10238be5cb [ 30.274768][ T523] System zones: [ 30.276925][ T528] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000162 [ 30.295956][ T528] R13: 0000000000000049 R14: 0000000000000028 R15: dffffc0000000000 [pid 302] mkdir("./6", 0777) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 302] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 302] close(3) = 0 [pid 302] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555589e5d0) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x55555589e5e0, 24) = 0 [pid 538] chdir("./6") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 538] futex(0x7f3c0cc127ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3c0cb19000 [pid 538] mprotect(0x7f3c0cb1a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] clone(child_stack=0x7f3c0cb393f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[539], tls=0x7f3c0cb39700, child_tidptr=0x7f3c0cb399d0) = 539 [pid 538] futex(0x7f3c0cc127a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7f3c0cc127ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x7f3c0cb399e0, 24) = 0 [pid 539] memfd_create("syzkaller", 0) = 3 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3c04719000 [pid 303] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 539] munmap(0x7f3c04719000, 262144) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 539] ioctl(4, LOOP_SET_FD, 3 [pid 303] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 303] lstat("./5/file0", [pid 299] lstat("./5/file0", [pid 303] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 303] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 303] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] <... openat resumed>) = 4 [pid 303] fstat(4, [pid 299] fstat(4, [pid 303] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 299] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 303] getdents64(4, [pid 299] getdents64(4, [pid 303] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555558a7660 /* 2 entries */, 32768) = 48 [pid 303] getdents64(4, [pid 299] getdents64(4, [pid 303] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] close(4 [pid 299] <... getdents64 resumed>0x5555558a7660 /* 0 entries */, 32768) = 0 [pid 303] <... close resumed>) = 0 [pid 299] close(4 [pid 303] rmdir("./5/file0" [pid 299] <... close resumed>) = 0 [ 30.303903][ T528] FS: 00007f3c04737700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.313104][ T528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.316571][ T527] 0-2 [ 30.319777][ T528] CR2: 00007ffee9b537c0 CR3: 0000000104fe3000 CR4: 00000000003506b0 [ 30.322046][ T527] , 18-18 [ 30.322435][ T528] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.345169][ T523] 0-2, 18-18, 34-34 [ 30.349608][ T527] , 34-34 [ 30.357896][ T527] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 30.357905][ T539] loop4: detected capacity change from 0 to 512 [ 30.357943][ T528] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.372948][ T523] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3824: comm syz-executor261: Allocating blocks 41-42 which overlap fs metadata [ 30.378313][ T528] Kernel panic - not syncing: Fatal exception [ 30.389282][ T523] __quota_error: 162 callbacks suppressed [ 30.389302][ T523] Quota error (device loop2): write_blk: dquota write failed [ 30.400095][ T528] Kernel Offset: disabled [ 30.423000][ T528] Rebooting in 86400 seconds..