./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4151454434

<...>
Warning: Permanently added '10.128.1.150' (ECDSA) to the list of known hosts.
execve("./syz-executor4151454434", ["./syz-executor4151454434"], 0x7ffc76dd31d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555557344000
brk(0x555557344c40)                     = 0x555557344c40
arch_prctl(ARCH_SET_FS, 0x555557344300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555573445d0)         = 322
set_robust_list(0x5555573445e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fd92c5e4650, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fd92c5e4d20}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fd92c5e46f0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd92c5e4d20}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4151454434", 4096) = 28
brk(0x555557365c40)                     = 0x555557365c40
brk(0x555557366000)                     = 0x555557366000
mprotect(0x7fd92c6a6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 322
mkdir("./syzkaller.SY6i3v", 0700)       = 0
chmod("./syzkaller.SY6i3v", 0777)       = 0
chdir("./syzkaller.SY6i3v")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 324 attached
 <unfinished ...>
[pid   324] set_robust_list(0x5555573445e0, 24 <unfinished ...>
[pid   322] <... clone resumed>, child_tidptr=0x5555573445d0) = 324
[pid   324] <... set_robust_list resumed>) = 0
[pid   324] chdir("./0")                = 0
[pid   324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   324] setpgid(0, 0)               = 0
[pid   324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   324] write(3, "1000", 4)         = 4
[pid   324] close(3)                    = 0
[pid   324] symlink("/dev/binderfs", "./binderfs") = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd92c5b3000
[pid   324] mprotect(0x7fd92c5b4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   324] clone(child_stack=0x7fd92c5d33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[325], tls=0x7fd92c5d3700, child_tidptr=0x7fd92c5d39d0) = 325
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 325 attached
 <unfinished ...>
[pid   325] set_robust_list(0x7fd92c5d39e0, 24) = 0
[pid   325] memfd_create("syzkaller", 0) = 3
[pid   325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9241b3000
[pid   325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   325] munmap(0x7fd9241b3000, 1048576) = 0
[pid   325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   20.313689][   T30] audit: type=1400 audit(1679192411.160:62): avc:  denied  { execmem } for  pid=322 comm="syz-executor415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   20.333241][   T30] audit: type=1400 audit(1679192411.160:63): avc:  denied  { read write } for  pid=322 comm="syz-executor415" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid   325] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   325] close(3)                    = 0
[pid   325] mkdir("./bus", 0777)        = 0
[   20.358596][   T30] audit: type=1400 audit(1679192411.160:64): avc:  denied  { open } for  pid=322 comm="syz-executor415" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   20.359602][  T325] loop0: detected capacity change from 0 to 2048
[   20.382875][   T30] audit: type=1400 audit(1679192411.160:65): avc:  denied  { ioctl } for  pid=322 comm="syz-executor415" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   20.414579][   T30] audit: type=1400 audit(1679192411.240:66): avc:  denied  { mounton } for  pid=324 comm="syz-executor415" path="/root/syzkaller.SY6i3v/0/bus" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   20.446818][  T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[pid   325] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   325] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   325] chdir("./bus")              = 0
[pid   325] ioctl(4, LOOP_CLR_FD)       = 0
[pid   325] close(4)                    = 0
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   325] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 0
[pid   325] chdir("./file0")            = 0
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 1
[pid   325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 1
[pid   325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 1
[pid   325] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 1
[pid   325] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd924292000
[pid   324] mprotect(0x7fd924293000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   324] clone(child_stack=0x7fd9242b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[330], tls=0x7fd9242b2700, child_tidptr=0x7fd9242b29d0) = 330
[pid   324] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   324] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 1
[pid   325] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 196608
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   325] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 330 attached
 <unfinished ...>
[pid   330] set_robust_list(0x7fd9242b29e0, 24) = 0
[pid   330] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   330] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   324] <... futex resumed>)        = 0
[pid   324] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   325] <... futex resumed>)        = 0
[pid   325] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   330] <... futex resumed>)        = 1
[   20.457658][   T30] audit: type=1400 audit(1679192411.310:67): avc:  denied  { mount } for  pid=324 comm="syz-executor415" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   20.457676][  T325] ext4 filesystem being mounted at /root/syzkaller.SY6i3v/0/bus supports timestamps until 2038 (0x7fffffff)
[pid   330] futex(0x7fd92c6ac7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   325] <... write resumed>)        = 192512
[pid   325] write(5, 0x200000c0, 34136651) = 192512
[pid   325] write(5, 0x200000c0, 34136651) = 192512
[pid   325] write(5, 0x200000c0, 34136651) = 192512
[pid   325] write(5, 0x200000c0, 34136651) = 192512
[pid   325] write(5, 0x200000c0, 34136651) = 86016
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} <unfinished ...>
[pid   325] <... write resumed>)        = -1 ENOSPC (No space left on device)
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} <unfinished ...>
[pid   325] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} <unfinished ...>
[pid   325] <... write resumed>)        = -1 ENOSPC (No space left on device)
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} <unfinished ...>
[pid   325] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   324] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} <unfinished ...>
[pid   325] <... write resumed>)        = -1 ENOSPC (No space left on device)
[pid   324] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[   20.496244][   T30] audit: type=1400 audit(1679192411.340:68): avc:  denied  { write } for  pid=324 comm="syz-executor415" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   20.518714][   T30] audit: type=1400 audit(1679192411.340:69): avc:  denied  { add_name } for  pid=324 comm="syz-executor415" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   20.539446][   T30] audit: type=1400 audit(1679192411.340:70): avc:  denied  { create } for  pid=324 comm="syz-executor415" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   325] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   325] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   324] exit_group(0 <unfinished ...>
[pid   330] <... futex resumed>)        = ?
[pid   324] <... exit_group resumed>)   = ?
[pid   330] +++ exited with 0 +++
[pid   325] <... futex resumed>)        = ?
[pid   325] +++ exited with 0 +++
[pid   324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=11} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557345620 /* 4 entries */, 32768) = 104
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   20.559727][   T30] audit: type=1400 audit(1679192411.350:71): avc:  denied  { read write open } for  pid=324 comm="syz-executor415" path="/root/syzkaller.SY6i3v/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   20.585477][   T45] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
[   20.598495][   T45] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0
[   20.612361][   T45] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117
[   20.624518][   T45] EXT4-fs (loop0): This should not happen!! Data will be lost
[   20.624518][   T45] 
[   20.634209][   T45] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555734d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555734d660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/bus")                        = 0
getdents64(3, 0x555557345620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 331 attached
, child_tidptr=0x5555573445d0) = 331
[pid   331] set_robust_list(0x5555573445e0, 24) = 0
[pid   331] chdir("./1")                = 0
[pid   331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   331] setpgid(0, 0)               = 0
[pid   331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   331] write(3, "1000", 4)         = 4
[pid   331] close(3)                    = 0
[pid   331] symlink("/dev/binderfs", "./binderfs") = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd92c5b3000
[pid   331] mprotect(0x7fd92c5b4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   331] clone(child_stack=0x7fd92c5d33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 332 attached
 <unfinished ...>
[pid   332] set_robust_list(0x7fd92c5d39e0, 24 <unfinished ...>
[pid   331] <... clone resumed>, parent_tid=[332], tls=0x7fd92c5d3700, child_tidptr=0x7fd92c5d39d0) = 332
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid   332] <... set_robust_list resumed>) = 0
[pid   332] memfd_create("syzkaller", 0) = 3
[pid   332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9241b3000
[pid   332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   332] munmap(0x7fd9241b3000, 1048576) = 0
[pid   332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   332] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   332] close(3)                    = 0
[pid   332] mkdir("./bus", 0777)        = 0
[pid   332] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   332] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   332] chdir("./bus")              = 0
[pid   332] ioctl(4, LOOP_CLR_FD)       = 0
[pid   332] close(4)                    = 0
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] <... futex resumed>)        = 0
[pid   332] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid   332] chdir("./file0")            = 0
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd924292000
[pid   331] mprotect(0x7fd924293000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   331] clone(child_stack=0x7fd9242b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 335 attached
, parent_tid=[335], tls=0x7fd9242b2700, child_tidptr=0x7fd9242b29d0) = 335
[pid   331] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   331] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] <... futex resumed>)        = 1
[pid   332] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 <unfinished ...>
[pid   335] set_robust_list(0x7fd9242b29e0, 24) = 0
[pid   335] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   332] <... write resumed>)        = 16384
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   332] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   335] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   331] <... futex resumed>)        = 0
[pid   331] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   331] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   332] <... futex resumed>)        = 0
[pid   332] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   335] <... futex resumed>)        = 1
[pid   335] futex(0x7fd92c6ac7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   332] <... write resumed>)        = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[   20.765163][  T332] loop0: detected capacity change from 0 to 2048
[   20.786686][  T332] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   20.797146][  T332] ext4 filesystem being mounted at /root/syzkaller.SY6i3v/1/bus supports timestamps until 2038 (0x7fffffff)
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   332] write(5, 0x200000c0, 34136651) = 12288
[pid   331] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid   332] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   332] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   331] exit_group(0)               = ?
[pid   335] <... futex resumed>)        = ?
[pid   332] <... futex resumed>)        = ?
[pid   332] +++ exited with 0 +++
[pid   335] +++ exited with 0 +++
[pid   331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=5} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557345620 /* 4 entries */, 32768) = 104
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   20.885223][    T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[   20.898266][    T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[   20.911207][    T8] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5805: Corrupt filesystem
[   20.920669][    T8] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #19: comm kworker/u4:0: mark_inode_dirty error
[   20.932110][    T8] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 4 with error 117
[   20.944167][    T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[   20.944167][    T8] 
[   20.953828][    T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555734d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555734d660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/bus")                        = 0
getdents64(3, 0x555557345620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573445d0) = 337
./strace-static-x86_64: Process 337 attached
[pid   337] set_robust_list(0x5555573445e0, 24) = 0
[pid   337] chdir("./2")                = 0
[pid   337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   337] setpgid(0, 0)               = 0
[pid   337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   337] write(3, "1000", 4)         = 4
[pid   337] close(3)                    = 0
[pid   337] symlink("/dev/binderfs", "./binderfs") = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd92c5b3000
[pid   337] mprotect(0x7fd92c5b4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   337] clone(child_stack=0x7fd92c5d33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[338], tls=0x7fd92c5d3700, child_tidptr=0x7fd92c5d39d0) = 338
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached
 <unfinished ...>
[pid   338] set_robust_list(0x7fd92c5d39e0, 24) = 0
[pid   338] memfd_create("syzkaller", 0) = 3
[pid   338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9241b3000
[pid   338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   338] munmap(0x7fd9241b3000, 1048576) = 0
[pid   338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   338] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   338] close(3)                    = 0
[pid   338] mkdir("./bus", 0777)        = 0
[pid   338] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   338] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   338] chdir("./bus")              = 0
[pid   338] ioctl(4, LOOP_CLR_FD)       = 0
[pid   338] close(4)                    = 0
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   338] chdir("./file0")            = 0
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   338] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd924292000
[pid   337] mprotect(0x7fd924293000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   337] clone(child_stack=0x7fd9242b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[341], tls=0x7fd9242b2700, child_tidptr=0x7fd9242b29d0) = 341
[pid   337] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 341 attached
 <unfinished ...>
[pid   338] <... futex resumed>)        = 1
[pid   341] set_robust_list(0x7fd9242b29e0, 24 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   341] <... set_robust_list resumed>) = 0
[pid   338] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 <unfinished ...>
[pid   341] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   341] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   337] <... futex resumed>)        = 0
[pid   337] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   337] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   341] <... futex resumed>)        = 1
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   338] <... write resumed>)        = -1 EFAULT (Bad address)
[pid   341] <... write resumed>)        = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   338] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   341] <... write resumed>)        = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   338] <... futex resumed>)        = 0
[pid   341] <... write resumed>)        = -1 EFAULT (Bad address)
[pid   338] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   341] write(5, 0x200000c0, 34136651) = -1 EFAULT (Bad address)
[pid   341] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   337] <... futex resumed>)        = 0
[pid   341] futex(0x7fd92c6ac7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   337] exit_group(0)               = ?
[pid   338] <... futex resumed>)        = ?
[pid   341] <... futex resumed>)        = ?
[pid   341] +++ exited with 0 +++
[pid   338] +++ exited with 0 +++
[pid   337] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557345620 /* 4 entries */, 32768) = 104
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
[   21.054707][  T338] loop0: detected capacity change from 0 to 2048
[   21.076222][  T338] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   21.086768][  T338] ext4 filesystem being mounted at /root/syzkaller.SY6i3v/2/bus supports timestamps until 2038 (0x7fffffff)
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555734d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555734d660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/bus")                        = 0
getdents64(3, 0x555557345620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573445d0) = 342
./strace-static-x86_64: Process 342 attached
[pid   342] set_robust_list(0x5555573445e0, 24) = 0
[pid   342] chdir("./3")                = 0
[pid   342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   342] setpgid(0, 0)               = 0
[pid   342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   342] write(3, "1000", 4)         = 4
[pid   342] close(3)                    = 0
[pid   342] symlink("/dev/binderfs", "./binderfs") = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd92c5b3000
[pid   342] mprotect(0x7fd92c5b4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   342] clone(child_stack=0x7fd92c5d33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[343], tls=0x7fd92c5d3700, child_tidptr=0x7fd92c5d39d0) = 343
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 343 attached
 <unfinished ...>
[pid   343] set_robust_list(0x7fd92c5d39e0, 24) = 0
[pid   343] memfd_create("syzkaller", 0) = 3
[pid   343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9241b3000
[pid   343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   343] munmap(0x7fd9241b3000, 1048576) = 0
[pid   343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   343] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   343] close(3)                    = 0
[pid   343] mkdir("./bus", 0777)        = 0
[pid   343] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   343] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   343] chdir("./bus")              = 0
[pid   343] ioctl(4, LOOP_CLR_FD)       = 0
[pid   343] close(4)                    = 0
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 1
[pid   343] chdir("./file0")            = 0
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 1
[pid   343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   343] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 0
[pid   343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 1
[pid   343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 1
[pid   343] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd924292000
[pid   342] mprotect(0x7fd924293000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   342] clone(child_stack=0x7fd9242b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[346], tls=0x7fd9242b2700, child_tidptr=0x7fd9242b29d0) = 346
[pid   342] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   342] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 1
[pid   343] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 346 attached
 <unfinished ...>
[pid   346] set_robust_list(0x7fd9242b29e0, 24) = 0
[pid   346] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   343] <... write resumed>)        = 45056
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   343] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   346] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   342] <... futex resumed>)        = 0
[pid   342] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   342] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   343] <... futex resumed>)        = 0
[pid   343] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   346] <... futex resumed>)        = 1
[pid   346] futex(0x7fd92c6ac7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   343] <... write resumed>)        = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[   21.211225][  T343] loop0: detected capacity change from 0 to 2048
[   21.236568][  T343] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   21.247355][  T343] ext4 filesystem being mounted at /root/syzkaller.SY6i3v/3/bus supports timestamps until 2038 (0x7fffffff)
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 40960
[pid   343] write(5, 0x200000c0, 34136651) = 24576
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   343] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   342] <... futex resumed>)        = 0
[pid   342] exit_group(0 <unfinished ...>
[pid   346] <... futex resumed>)        = ?
[pid   342] <... exit_group resumed>)   = ?
[pid   346] +++ exited with 0 +++
[pid   343] +++ exited with 0 +++
[pid   342] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557345620 /* 4 entries */, 32768) = 104
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs")                  = 0
[   21.321680][  T336] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:3: Invalid inode table block 0 in block_group 0
[   21.334861][  T336] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0
[   21.349029][  T336] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 11 with error 117
[   21.361961][  T336] EXT4-fs (loop0): This should not happen!! Data will be lost
[   21.361961][  T336] 
[   21.371708][  T336] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:3: Invalid inode table block 0 in block_group 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555734d660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555734d660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/bus")                        = 0
getdents64(3, 0x555557345620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555573445d0) = 348
./strace-static-x86_64: Process 348 attached
[pid   348] set_robust_list(0x5555573445e0, 24) = 0
[pid   348] chdir("./4")                = 0
[pid   348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid   348] setpgid(0, 0)               = 0
[pid   348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid   348] write(3, "1000", 4)         = 4
[pid   348] close(3)                    = 0
[pid   348] symlink("/dev/binderfs", "./binderfs") = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd92c5b3000
[pid   348] mprotect(0x7fd92c5b4000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   348] clone(child_stack=0x7fd92c5d33f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[349], tls=0x7fd92c5d3700, child_tidptr=0x7fd92c5d39d0) = 349
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 349 attached
 <unfinished ...>
[pid   349] set_robust_list(0x7fd92c5d39e0, 24) = 0
[pid   349] memfd_create("syzkaller", 0) = 3
[pid   349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd9241b3000
[pid   349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid   349] munmap(0x7fd9241b3000, 1048576) = 0
[pid   349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid   349] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid   349] close(3)                    = 0
[pid   349] mkdir("./bus", 0777)        = 0
[pid   349] mount("/dev/loop0", "./bus", "ext4", MS_NOATIME|MS_NODIRATIME|MS_REC|MS_I_VERSION|MS_LAZYTIME, ",errors=continue") = 0
[pid   349] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid   349] chdir("./bus")              = 0
[pid   349] ioctl(4, LOOP_CLR_FD)       = 0
[pid   349] close(4)                    = 0
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 1
[pid   349] chdir("./file0")            = 0
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 1
[pid   349] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 4
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 1
[pid   349] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   349] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 0
[pid   349] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 1
[pid   349] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd924292000
[pid   348] mprotect(0x7fd924293000, 131072, PROT_READ|PROT_WRITE) = 0
[pid   348] clone(child_stack=0x7fd9242b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[352], tls=0x7fd9242b2700, child_tidptr=0x7fd9242b29d0) = 352
[pid   348] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   349] <... futex resumed>)        = 1
[pid   349] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 352 attached
 <unfinished ...>
[pid   352] set_robust_list(0x7fd9242b29e0, 24) = 0
[pid   352] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000
[pid   352] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid   349] <... write resumed>)        = 57344
[pid   348] <... futex resumed>)        = 0
[pid   348] futex(0x7fd92c6ac7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   348] futex(0x7fd92c6ac7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid   352] <... futex resumed>)        = 1
[pid   352] write(5, 0x200000c0, 34136651 <unfinished ...>
[pid   349] futex(0x7fd92c6ac7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid   349] futex(0x7fd92c6ac7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   352] <... write resumed>)        = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 53248
[pid   352] write(5, 0x200000c0, 34136651) = 36864
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[   21.464860][  T349] loop0: detected capacity change from 0 to 2048
[   21.476881][  T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   21.487642][  T349] ext4 filesystem being mounted at /root/syzkaller.SY6i3v/4/bus supports timestamps until 2038 (0x7fffffff)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] write(5, 0x200000c0, 34136651) = -1 ENOSPC (No space left on device)
[pid   352] futex(0x7fd92c6ac7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid   348] <... futex resumed>)        = 0
[pid   352] futex(0x7fd92c6ac7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid   348] exit_group(0 <unfinished ...>
[pid   352] <... futex resumed>)        = ?
[pid   349] <... futex resumed>)        = ?
[pid   348] <... exit_group resumed>)   = ?
[pid   349] +++ exited with 0 +++
[pid   352] +++ exited with 0 +++
[pid   348] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555557345620 /* 4 entries */, 32768) = 104
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs")                  = 0
[   21.554507][  T336] EXT4-fs error (device loop0): __ext4_get_inode_loc:4347: comm kworker/u4:3: Invalid inode table block 0 in block_group 0
[   21.567437][  T336] ==================================================================
[   21.575303][  T336] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[   21.582507][  T336] Read of size 4 at addr ffff88811e5e9a9c by task kworker/u4:3/336
[   21.590230][  T336] 
[   21.592403][  T336] CPU: 0 PID: 336 Comm: kworker/u4:3 Not tainted 5.15.94-syzkaller-03204-g5448b2fda85f #0
[   21.602121][  T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   21.612018][  T336] Workqueue: writeback wb_workfn (flush-7:0)
[   21.617832][  T336] Call Trace:
[   21.620956][  T336]  <TASK>
[   21.623733][  T336]  dump_stack_lvl+0x151/0x1b7
[   21.628247][  T336]  ? io_uring_drop_tctx_refs+0x190/0x190
[   21.633714][  T336]  ? __wake_up_klogd+0xd5/0x110
[   21.638402][  T336]  ? panic+0x751/0x751
[   21.642311][  T336]  print_address_description+0x87/0x3b0
[   21.647690][  T336]  kasan_report+0x179/0x1c0
[   21.652029][  T336]  ? __read_extent_tree_block+0x1e0/0x7b0
[   21.657583][  T336]  ? ext4_find_extent+0xbab/0xdb0
[   21.662443][  T336]  ? ext4_find_extent+0xbab/0xdb0
[   21.667302][  T336]  __asan_report_load4_noabort+0x14/0x20
[   21.672788][  T336]  ext4_find_extent+0xbab/0xdb0
[   21.677464][  T336]  ext4_ext_map_blocks+0x254/0x7250
[   21.682492][  T336]  ? ret_from_fork+0x1f/0x30
[   21.686919][  T336]  ? free_unref_page_commit+0x480/0x480
[   21.692298][  T336]  ? stack_trace_snprint+0xf0/0xf0
[   21.697244][  T336]  ? __stack_depot_save+0x34/0x470
[   21.702202][  T336]  ? find_get_entry+0x3d3/0x3e0
[   21.706884][  T336]  ? ext4_ext_release+0x10/0x10
[   21.711566][  T336]  ? __kasan_slab_alloc+0xc3/0xe0
[   21.716428][  T336]  ? __kasan_slab_alloc+0xb1/0xe0
[   21.721317][  T336]  ? slab_post_alloc_hook+0x53/0x2c0
[   21.726409][  T336]  ? kmem_cache_alloc+0xf5/0x200
[   21.731183][  T336]  ? ext4_alloc_io_end_vec+0x2a/0x170
[   21.736413][  T336]  ? ext4_writepages+0x13b6/0x4010
[   21.742379][  T336]  ? do_writepages+0x40e/0x670
[   21.746979][  T336]  ? __writeback_single_inode+0xdf/0xa70
[   21.752447][  T336]  ? writeback_sb_inodes+0xb2e/0x1910
[   21.758709][  T336]  ? wb_writeback+0x3b9/0x9e0
[   21.763309][  T336]  ? wb_workfn+0x3d9/0x1110
[   21.767645][  T336]  ? process_one_work+0x6bb/0xc10
[   21.772502][  T336]  ? worker_thread+0xad5/0x12a0
[   21.777194][  T336]  ? kthread+0x421/0x510
[   21.781271][  T336]  ? ret_from_fork+0x1f/0x30
[   21.785707][  T336]  ? _raw_read_unlock+0x25/0x40
[   21.790480][  T336]  ? ext4_es_lookup_extent+0x33b/0x940
[   21.795767][  T336]  ext4_map_blocks+0xaa7/0x1e30
[   21.800541][  T336]  ? ext4_issue_zeroout+0x250/0x250
[   21.805574][  T336]  ? ext4_inode_journal_mode+0x1a5/0x470
[   21.811040][  T336]  ext4_writepages+0x162a/0x4010
[   21.815817][  T336]  ? __kasan_check_read+0x11/0x20
[   21.820766][  T336]  ? ext4_readpage+0x230/0x230
[   21.825450][  T336]  ? __kasan_check_read+0x11/0x20
[   21.830308][  T336]  ? shmem_getpage_gfp+0x21cd/0x23c0
[   21.835432][  T336]  ? ext4_itable_unused_set+0x100/0x100
[   21.840810][  T336]  ? copy_page_from_iter_atomic+0x7fd/0x10e0
[   21.846631][  T336]  ? __kasan_check_write+0x14/0x20
[   21.851576][  T336]  ? ext4_readpage+0x230/0x230
[   21.856173][  T336]  do_writepages+0x40e/0x670
[   21.860602][  T336]  ? __writepage+0x130/0x130
[   21.865052][  T336]  ? __kasan_check_write+0x14/0x20
[   21.869985][  T336]  ? _raw_spin_lock+0xa4/0x1b0
[   21.874570][  T336]  ? _raw_spin_trylock_bh+0x190/0x190
[   21.879783][  T336]  ? __kasan_check_write+0x14/0x20
[   21.884738][  T336]  __writeback_single_inode+0xdf/0xa70
[   21.890029][  T336]  writeback_sb_inodes+0xb2e/0x1910
[   21.895060][  T336]  ? queue_io+0x520/0x520
[   21.899229][  T336]  ? __writeback_inodes_wb+0x3f0/0x3f0
[   21.904527][  T336]  ? queue_io+0x3d0/0x520
[   21.908803][  T336]  wb_writeback+0x3b9/0x9e0
[   21.913222][  T336]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   21.919033][  T336]  ? set_worker_desc+0x158/0x1c0
[   21.923810][  T336]  ? __kasan_check_write+0x14/0x20
[   21.928758][  T336]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[   21.934228][  T336]  wb_workfn+0x3d9/0x1110
[   21.938496][  T336]  ? inode_wait_for_writeback+0x280/0x280
[   21.944047][  T336]  ? _raw_spin_unlock+0x4d/0x70
[   21.948731][  T336]  ? finish_task_switch+0x167/0x7b0
[   21.953767][  T336]  ? __schedule+0xd82/0x1620
[   21.958195][  T336]  ? __kasan_check_read+0x11/0x20
[   21.963056][  T336]  ? read_word_at_a_time+0x12/0x20
[   21.968000][  T336]  ? strscpy+0x9c/0x260
[   21.971995][  T336]  process_one_work+0x6bb/0xc10
[   21.976682][  T336]  worker_thread+0xad5/0x12a0
[   21.981194][  T336]  ? release_firmware_map_entry+0x18b/0x18b
[   21.987010][  T336]  ? _raw_spin_lock+0x1b0/0x1b0
[   21.991703][  T336]  kthread+0x421/0x510
[   21.995601][  T336]  ? worker_clr_flags+0x180/0x180
[   22.000468][  T336]  ? kthread_blkcg+0xd0/0xd0
[   22.004888][  T336]  ret_from_fork+0x1f/0x30
[   22.009146][  T336]  </TASK>
[   22.012003][  T336] 
[   22.014175][  T336] The buggy address belongs to the page:
[   22.019647][  T336] page:ffffea0004797a40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11e5e9
[   22.029708][  T336] flags: 0x4000000000000000(zone=1)
[   22.034758][  T336] raw: 4000000000000000 ffffea0004797788 ffffea0004797108 0000000000000000
[   22.043170][  T336] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   22.051673][  T336] page dumped because: kasan: bad access detected
[   22.057919][  T336] page_owner tracks the page as freed
[   22.063125][  T336] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 343, ts 21209581202, free_ts 21440279794
[   22.077358][  T336]  post_alloc_hook+0x1a3/0x1b0
[   22.081958][  T336]  get_page_from_freelist+0x2c14/0x2cf0
[   22.087346][  T336]  __alloc_pages+0x386/0x7b0
[   22.091772][  T336]  shmem_alloc_and_acct_page+0x4bd/0xa80
[   22.097235][  T336]  shmem_getpage_gfp+0x1388/0x23c0
[   22.102182][  T336]  shmem_write_begin+0xca/0x1b0
[   22.106883][  T336]  generic_perform_write+0x2bc/0x5a0
[   22.112073][  T336]  __generic_file_write_iter+0x25b/0x4b0
[   22.117541][  T336]  generic_file_write_iter+0xaf/0x1c0
[   22.122749][  T336]  vfs_write+0xd8a/0x1160
[   22.126916][  T336]  ksys_write+0x199/0x2c0
[   22.131103][  T336]  __x64_sys_write+0x7b/0x90
[   22.135509][  T336]  do_syscall_64+0x3d/0xb0
[   22.139757][  T336]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   22.145490][  T336] page last free stack trace:
[   22.149999][  T336]  free_unref_page_prepare+0x7c8/0x7d0
[   22.155297][  T336]  free_unref_page_list+0x15d/0x980
[   22.160330][  T336]  release_pages+0x1310/0x1370
[   22.164935][  T336]  __pagevec_release+0x84/0x100
[   22.169632][  T336]  shmem_undo_range+0x604/0x1560
[   22.174427][  T336]  shmem_evict_inode+0x215/0x9d0
[   22.179165][  T336]  evict+0x2a3/0x630
[   22.182895][  T336]  iput+0x63b/0x7e0
[   22.186647][  T336]  dentry_unlink_inode+0x34f/0x440
[   22.191581][  T336]  __dentry_kill+0x447/0x660
[   22.196006][  T336]  dentry_kill+0xc0/0x2a0
[   22.200172][  T336]  dput+0x165/0x320
[   22.203816][  T336]  __fput+0x662/0x910
[   22.207665][  T336]  ____fput+0x15/0x20
[   22.211483][  T336]  task_work_run+0x129/0x190
[   22.215878][  T336]  ptrace_notify+0x29e/0x350
[   22.220308][  T336] 
[   22.222474][  T336] Memory state around the buggy address:
[   22.227957][  T336]  ffff88811e5e9980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.235842][  T336]  ffff88811e5e9a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.243745][  T336] >ffff88811e5e9a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.252060][  T336]                             ^
[   22.256750][  T336]  ffff88811e5e9b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.264669][  T336]  ffff88811e5e9b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.272544][  T336] ==================================================================
[   22.280446][  T336] Disabling lock debugging due to kernel taint
[   22.286684][  T336] ------------[ cut here ]------------
[   22.291952][  T336] kernel BUG at fs/ext4/inode.c:2431!
[   22.297439][  T336] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   22.303329][  T336] CPU: 0 PID: 336 Comm: kworker/u4:3 Tainted: G    B             5.15.94-syzkaller-03204-g5448b2fda85f #0
[   22.314430][  T336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   22.324329][  T336] Workqueue: writeback wb_workfn (flush-7:0)
[   22.330139][  T336] RIP: 0010:ext4_writepages+0x3f45/0x4010
[   22.335711][  T336] Code: 00 74 08 48 89 df e8 2a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 22 45 08 00 eb 60 e8 3b be 88 ff <0f> 0b e8 34 be 88 ff eb 3b e8 2d be 88 ff eb 7a e8 26 be 88 ff 31
[   22.355155][  T336] RSP: 0018:ffffc900009f7000 EFLAGS: 00010293
[   22.361038][  T336] RAX: ffffffff81e6b385 RBX: dffffc0000000000 RCX: ffff88811f4b2780
[   22.368849][  T336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.376659][  T336] RBP: ffffc900009f7410 R08: ffffffff81e68d4d R09: ffffed1021237b19
[   22.384558][  T336] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   22.392482][  T336] R13: ffffc900009f72e0 R14: 0000000000000000 R15: 0000000000000000
[   22.400268][  T336] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   22.409039][  T336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.415462][  T336] CR2: 0000000020002000 CR3: 000000011ed97000 CR4: 00000000003506b0
[   22.423271][  T336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   22.431077][  T336] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   22.438894][  T336] Call Trace:
[   22.442018][  T336]  <TASK>
[   22.444799][  T336]  ? __kasan_check_read+0x11/0x20
[   22.449746][  T336]  ? ext4_readpage+0x230/0x230
[   22.454345][  T336]  ? __kasan_check_read+0x11/0x20
[   22.459201][  T336]  ? shmem_getpage_gfp+0x21cd/0x23c0
[   22.464322][  T336]  ? ext4_itable_unused_set+0x100/0x100
[   22.469711][  T336]  ? copy_page_from_iter_atomic+0x7fd/0x10e0
[   22.475521][  T336]  ? __kasan_check_write+0x14/0x20
[   22.480470][  T336]  ? ext4_readpage+0x230/0x230
[   22.485075][  T336]  do_writepages+0x40e/0x670
[   22.489492][  T336]  ? __writepage+0x130/0x130
[   22.493945][  T336]  ? __kasan_check_write+0x14/0x20
[   22.498870][  T336]  ? _raw_spin_lock+0xa4/0x1b0
[   22.503465][  T336]  ? _raw_spin_trylock_bh+0x190/0x190
[   22.508676][  T336]  ? __kasan_check_write+0x14/0x20
[   22.513621][  T336]  __writeback_single_inode+0xdf/0xa70
[   22.518918][  T336]  writeback_sb_inodes+0xb2e/0x1910
[   22.523965][  T336]  ? queue_io+0x520/0x520
[   22.528125][  T336]  ? __writeback_inodes_wb+0x3f0/0x3f0
[   22.533409][  T336]  ? queue_io+0x3d0/0x520
[   22.537577][  T336]  wb_writeback+0x3b9/0x9e0
[   22.541925][  T336]  ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[   22.547734][  T336]  ? set_worker_desc+0x158/0x1c0
[   22.552502][  T336]  ? __kasan_check_write+0x14/0x20
[   22.557773][  T336]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[   22.563235][  T336]  wb_workfn+0x3d9/0x1110
[   22.567410][  T336]  ? inode_wait_for_writeback+0x280/0x280
[   22.572954][  T336]  ? _raw_spin_unlock+0x4d/0x70
[   22.577635][  T336]  ? finish_task_switch+0x167/0x7b0
[   22.582670][  T336]  ? __schedule+0xd82/0x1620
[   22.587093][  T336]  ? __kasan_check_read+0x11/0x20
[   22.591957][  T336]  ? read_word_at_a_time+0x12/0x20
[   22.596899][  T336]  ? strscpy+0x9c/0x260
[   22.600894][  T336]  process_one_work+0x6bb/0xc10
[   22.605581][  T336]  worker_thread+0xad5/0x12a0
[   22.610091][  T336]  ? release_firmware_map_entry+0x18b/0x18b
[   22.615822][  T336]  ? _raw_spin_lock+0x1b0/0x1b0
[   22.620510][  T336]  kthread+0x421/0x510
[   22.624412][  T336]  ? worker_clr_flags+0x180/0x180
[   22.629275][  T336]  ? kthread_blkcg+0xd0/0xd0
[   22.633701][  T336]  ret_from_fork+0x1f/0x30
[   22.637954][  T336]  </TASK>
[   22.640816][  T336] Modules linked in:
[   22.645091][  T336] ---[ end trace b0137a8fdb9ff54b ]---
[   22.650369][  T336] RIP: 0010:ext4_writepages+0x3f45/0x4010
[   22.656181][  T336] Code: 00 74 08 48 89 df e8 2a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 22 45 08 00 eb 60 e8 3b be 88 ff <0f> 0b e8 34 be 88 ff eb 3b e8 2d be 88 ff eb 7a e8 26 be 88 ff 31
[   22.675587][  T336] RSP: 0018:ffffc900009f7000 EFLAGS: 00010293
[   22.681419][  T336] RAX: ffffffff81e6b385 RBX: dffffc0000000000 RCX: ffff88811f4b2780
[   22.689293][  T336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   22.697078][  T336] RBP: ffffc900009f7410 R08: ffffffff81e68d4d R09: ffffed1021237b19
[   22.704940][  T336] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   22.712900][  T336] R13: ffffc900009f72e0 R14: 0000000000000000 R15: 0000000000000000
[   22.720710][  T336] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   22.729449][  T336] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   22.735921][  T336] CR2: 0000000020002000 CR3: 000000011ed97000 CR4: 00000000003506b0
[   22.743653][  T336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   22.751501][  T336] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   22.759318][  T336] Kernel panic - not syncing: Fatal exception
[   22.765431][  T336] Kernel Offset: disabled
[   22.769564][  T336] Rebooting in 86400 seconds..