./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2212180125
<...>
[ 3.075422][ T98] udevd[98]: starting version 3.2.11
[ 3.146282][ T99] udevd[99]: starting eudev-3.2.11
[ 3.811760][ T122] touch (122) used greatest stack depth: 22960 bytes left
[ 11.591731][ T28] kauditd_printk_skb: 50 callbacks suppressed
[ 11.591746][ T28] audit: type=1400 audit(1687060109.023:61): avc: denied { transition } for pid=223 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.596245][ T28] audit: type=1400 audit(1687060109.023:62): avc: denied { noatsecure } for pid=223 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.599051][ T28] audit: type=1400 audit(1687060109.023:63): avc: denied { write } for pid=223 comm="sh" path="pipe:[13280]" dev="pipefs" ino=13280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 11.603218][ T28] audit: type=1400 audit(1687060109.023:64): avc: denied { rlimitinh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.607856][ T28] audit: type=1400 audit(1687060109.023:65): avc: denied { siginh } for pid=223 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.949091][ T224] sshd (224) used greatest stack depth: 22608 bytes left
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
execve("./syz-executor2212180125", ["./syz-executor2212180125"], 0x7ffd06eea740 /* 10 vars */) = 0
brk(NULL) = 0x5555555ab000
brk(0x5555555abc40) = 0x5555555abc40
arch_prctl(ARCH_SET_FS, 0x5555555ab300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2212180125", 4096) = 28
brk(0x5555555ccc40) = 0x5555555ccc40
brk(0x5555555cd000) = 0x5555555cd000
mprotect(0x7f3e15d34000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 292
mkdir("./syzkaller.20o3Yh", 0700) = 0
chmod("./syzkaller.20o3Yh", 0777) = 0
chdir("./syzkaller.20o3Yh") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 293
./strace-static-x86_64: Process 293 attached
[pid 293] chdir("./0") = 0
[pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 293] setpgid(0, 0) = 0
[pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 293] write(3, "1000", 4) = 4
[pid 293] close(3) = 0
[pid 293] symlink("/dev/binderfs", "./binderfs") = 0
[pid 293] memfd_create("syzkaller", 0) = 3
[pid 293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 293] munmap(0x7f3e0d878000, 262144) = 0
[pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 293] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 293] close(3) = 0
[pid 293] mkdir("./file1", 0777) = 0
[ 19.979468][ T28] audit: type=1400 audit(1687060117.403:66): avc: denied { execmem } for pid=292 comm="syz-executor221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 19.983057][ T28] audit: type=1400 audit(1687060117.413:67): avc: denied { read write } for pid=292 comm="syz-executor221" name="loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.987124][ T28] audit: type=1400 audit(1687060117.413:68): avc: denied { open } for pid=292 comm="syz-executor221" path="/dev/loop0" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.990739][ T28] audit: type=1400 audit(1687060117.413:69): avc: denied { ioctl } for pid=292 comm="syz-executor221" path="/dev/loop0" dev="devtmpfs" ino=113 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.998029][ T293] loop0: detected capacity change from 0 to 512
[ 20.000758][ T28] audit: type=1400 audit(1687060117.423:70): avc: denied { mounton } for pid=293 comm="syz-executor221" path="/root/syzkaller.20o3Yh/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[pid 293] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 293] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 293] chdir("./file1") = 0
[pid 293] ioctl(4, LOOP_CLR_FD) = 0
[pid 293] close(4) = 0
[ 20.033053][ T293] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.038585][ T293] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 20.047585][ T28] audit: type=1400 audit(1687060117.473:71): avc: denied { mount } for pid=293 comm="syz-executor221" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 20.047596][ T293] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/0/file1 supports timestamps until 2038 (0x7fffffff)
[pid 293] creat("./bus", 000) = 4
[pid 293] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 293] sendfile(4, 5, NULL, 128512) = 128512
[pid 293] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 293] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 293] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 293] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 293] creat("./bus", 000) = 7
[pid 293] lseek(7, 512, SEEK_SET) = 512
[pid 293] open("./bus", O_RDONLY) = 8
[pid 293] sendfile(7, 8, NULL, 128512) = 128512
[pid 293] exit_group(0) = ?
[pid 293] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=293, si_uid=0, si_status=0, si_utime=0, si_stime=8} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 20.091172][ T28] audit: type=1400 audit(1687060117.513:72): avc: denied { write } for pid=293 comm="syz-executor221" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.113100][ T28] audit: type=1400 audit(1687060117.513:73): avc: denied { add_name } for pid=293 comm="syz-executor221" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.133793][ T28] audit: type=1400 audit(1687060117.513:74): avc: denied { create } for pid=293 comm="syz-executor221" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.133981][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 20.154047][ T28] audit: type=1400 audit(1687060117.523:75): avc: denied { write open } for pid=293 comm="syz-executor221" path="/root/syzkaller.20o3Yh/0/file1/bus" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.167568][ T8] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 20.201426][ T8] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:0: mark_inode_dirty error
[ 20.212800][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 20.224951][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 20.224951][ T8]
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 298
./strace-static-x86_64: Process 298 attached
[pid 298] chdir("./1") = 0
[pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 298] setpgid(0, 0) = 0
[pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 298] write(3, "1000", 4) = 4
[pid 298] close(3) = 0
[pid 298] symlink("/dev/binderfs", "./binderfs") = 0
[pid 298] memfd_create("syzkaller", 0) = 3
[pid 298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 298] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 298] munmap(0x7f3e0d878000, 262144) = 0
[pid 298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 20.234592][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 20.249359][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 298] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 298] close(3) = 0
[pid 298] mkdir("./file1", 0777) = 0
[pid 298] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 298] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 298] chdir("./file1") = 0
[pid 298] ioctl(4, LOOP_CLR_FD) = 0
[pid 298] close(4) = 0
[pid 298] creat("./bus", 000) = 4
[pid 298] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 298] sendfile(4, 5, NULL, 128512) = 128512
[pid 298] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 298] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 298] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 298] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 298] creat("./bus", 000) = 7
[pid 298] lseek(7, 512, SEEK_SET) = 512
[pid 298] open("./bus", O_RDONLY) = 8
[pid 298] sendfile(7, 8, NULL, 128512) = 128512
[pid 298] exit_group(0) = ?
[pid 298] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 20.293117][ T298] loop0: detected capacity change from 0 to 512
[ 20.302972][ T298] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.308505][ T298] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 20.317423][ T298] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 20.357289][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 20.370789][ T10] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 20.380189][ T10] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:1: mark_inode_dirty error
[ 20.391594][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 302
./strace-static-x86_64: Process 302 attached
[pid 302] chdir("./2") = 0
[pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 302] setpgid(0, 0) = 0
[pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 302] write(3, "1000", 4) = 4
[pid 302] close(3) = 0
[pid 302] symlink("/dev/binderfs", "./binderfs") = 0
[pid 302] memfd_create("syzkaller", 0) = 3
[pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 302] munmap(0x7f3e0d878000, 262144) = 0
[pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 20.403722][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 20.403722][ T10]
[ 20.413554][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 20.428502][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 302] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 302] close(3) = 0
[pid 302] mkdir("./file1", 0777) = 0
[pid 302] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 302] chdir("./file1") = 0
[pid 302] ioctl(4, LOOP_CLR_FD) = 0
[pid 302] close(4) = 0
[pid 302] creat("./bus", 000) = 4
[pid 302] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 302] sendfile(4, 5, NULL, 128512) = 128512
[pid 302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 302] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 302] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 302] creat("./bus", 000) = 7
[pid 302] lseek(7, 512, SEEK_SET) = 512
[pid 302] open("./bus", O_RDONLY) = 8
[pid 302] sendfile(7, 8, NULL, 128512) = 128512
[pid 302] exit_group(0) = ?
[pid 302] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 20.472304][ T302] loop0: detected capacity change from 0 to 512
[ 20.482515][ T302] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.488078][ T302] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 20.496943][ T302] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/2/file1 supports timestamps until 2038 (0x7fffffff)
[ 20.529156][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 20.542731][ T284] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 20.552150][ T284] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:3: mark_inode_dirty error
[ 20.563436][ T284] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 305
./strace-static-x86_64: Process 305 attached
[pid 305] chdir("./3") = 0
[pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 305] setpgid(0, 0) = 0
[pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 305] write(3, "1000", 4) = 4
[pid 305] close(3) = 0
[pid 305] symlink("/dev/binderfs", "./binderfs") = 0
[pid 305] memfd_create("syzkaller", 0) = 3
[pid 305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 305] munmap(0x7f3e0d878000, 262144) = 0
[pid 305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 20.575903][ T284] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 20.575903][ T284]
[ 20.585637][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 20.600200][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 305] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 305] close(3) = 0
[pid 305] mkdir("./file1", 0777) = 0
[pid 305] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 305] chdir("./file1") = 0
[pid 305] ioctl(4, LOOP_CLR_FD) = 0
[pid 305] close(4) = 0
[pid 305] creat("./bus", 000) = 4
[pid 305] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 305] sendfile(4, 5, NULL, 128512) = 128512
[pid 305] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 305] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 305] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 305] creat("./bus", 000) = 7
[pid 305] lseek(7, 512, SEEK_SET) = 512
[pid 305] open("./bus", O_RDONLY) = 8
[pid 305] sendfile(7, 8, NULL, 128512) = 128512
[pid 305] exit_group(0) = ?
[pid 305] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 20.657975][ T305] loop0: detected capacity change from 0 to 512
[ 20.672978][ T305] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.678567][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 20.687405][ T305] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/3/file1 supports timestamps until 2038 (0x7fffffff)
[ 20.717363][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 20.731336][ T284] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 20.740696][ T284] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:3: mark_inode_dirty error
[ 20.752184][ T284] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 308
./strace-static-x86_64: Process 308 attached
[pid 308] chdir("./4") = 0
[pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 308] setpgid(0, 0) = 0
[pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 308] write(3, "1000", 4) = 4
[pid 308] close(3) = 0
[pid 308] symlink("/dev/binderfs", "./binderfs") = 0
[pid 308] memfd_create("syzkaller", 0) = 3
[pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 308] munmap(0x7f3e0d878000, 262144) = 0
[pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 20.764433][ T284] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 20.764433][ T284]
[ 20.774152][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 20.789286][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 308] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 308] close(3) = 0
[pid 308] mkdir("./file1", 0777) = 0
[pid 308] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 308] chdir("./file1") = 0
[pid 308] ioctl(4, LOOP_CLR_FD) = 0
[pid 308] close(4) = 0
[pid 308] creat("./bus", 000) = 4
[pid 308] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 308] sendfile(4, 5, NULL, 128512) = 128512
[pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 308] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 308] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 308] creat("./bus", 000) = 7
[pid 308] lseek(7, 512, SEEK_SET) = 512
[pid 308] open("./bus", O_RDONLY) = 8
[pid 308] sendfile(7, 8, NULL, 128512) = 128512
[pid 308] exit_group(0) = ?
[pid 308] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 20.827548][ T308] loop0: detected capacity change from 0 to 512
[ 20.842575][ T308] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.848122][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 20.857134][ T308] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/4/file1 supports timestamps until 2038 (0x7fffffff)
[ 20.882789][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 20.896270][ T10] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 20.905684][ T10] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:1: mark_inode_dirty error
[ 20.917059][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 311
./strace-static-x86_64: Process 311 attached
[pid 311] chdir("./5") = 0
[pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 311] setpgid(0, 0) = 0
[pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 311] write(3, "1000", 4) = 4
[pid 311] close(3) = 0
[pid 311] symlink("/dev/binderfs", "./binderfs") = 0
[pid 311] memfd_create("syzkaller", 0) = 3
[pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 311] munmap(0x7f3e0d878000, 262144) = 0
[pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 311] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 311] close(3) = 0
[pid 311] mkdir("./file1", 0777) = 0
[ 20.929376][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 20.929376][ T10]
[ 20.939053][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 20.953499][ T292] EXT4-fs (loop0): unmounting filesystem.
[ 20.976122][ T311] loop0: detected capacity change from 0 to 512
[pid 311] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 311] chdir("./file1") = 0
[pid 311] ioctl(4, LOOP_CLR_FD) = 0
[pid 311] close(4) = 0
[pid 311] creat("./bus", 000) = 4
[pid 311] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 311] sendfile(4, 5, NULL, 128512) = 128512
[pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 311] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 311] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 311] creat("./bus", 000) = 7
[pid 311] lseek(7, 512, SEEK_SET) = 512
[pid 311] open("./bus", O_RDONLY) = 8
[pid 311] sendfile(7, 8, NULL, 128512) = 128512
[pid 311] exit_group(0) = ?
[pid 311] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=311, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 20.992656][ T311] EXT4-fs (loop0): 1 orphan inode deleted
[ 20.998195][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 21.007088][ T311] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/5/file1 supports timestamps until 2038 (0x7fffffff)
[ 21.036372][ T8] ==================================================================
[ 21.044253][ T8] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[ 21.051455][ T8] Read of size 4 at addr ffff8881206d045c by task kworker/u4:0/8
[ 21.059004][ T8]
[ 21.061279][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.1.25-syzkaller-00099-g35fe0d393f80 #0
[ 21.071159][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 21.081065][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 21.086903][ T8] Call Trace:
[ 21.089989][ T8]
[ 21.092767][ T8] dump_stack_lvl+0x151/0x1b7
[ 21.097283][ T8] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 21.103091][ T8] ? _printk+0xd1/0x111
[ 21.107087][ T8] ? __virt_addr_valid+0x242/0x2f0
[ 21.112032][ T8] print_report+0x158/0x4e0
[ 21.116375][ T8] ? __virt_addr_valid+0x242/0x2f0
[ 21.121320][ T8] ? kasan_addr_to_slab+0xd/0x80
[ 21.126093][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 21.130953][ T8] kasan_report+0x13c/0x170
[ 21.135294][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 21.140153][ T8] __asan_report_load4_noabort+0x14/0x20
[ 21.145622][ T8] ext4_find_extent+0xbab/0xdb0
[ 21.150308][ T8] ext4_ext_map_blocks+0x255/0x71e0
[ 21.155347][ T8] ? stack_trace_save+0x113/0x1c0
[ 21.160202][ T8] ? kasan_set_track+0x60/0x70
[ 21.164801][ T8] ? kasan_set_track+0x4b/0x70
[ 21.169401][ T8] ? kasan_save_alloc_info+0x1f/0x30
[ 21.174524][ T8] ? __kasan_slab_alloc+0x6c/0x80
[ 21.179383][ T8] ? slab_post_alloc_hook+0x53/0x2c0
[ 21.184503][ T8] ? kmem_cache_alloc+0x175/0x2c0
[ 21.189364][ T8] ? ext4_ext_release+0x10/0x10
[ 21.194056][ T8] ? writeback_sb_inodes+0xb33/0x18f0
[ 21.199257][ T8] ? wb_writeback+0x3b9/0x9f0
[ 21.203770][ T8] ? wb_workfn+0x399/0x1030
[ 21.208196][ T8] ? process_one_work+0x73d/0xcb0
[ 21.213057][ T8] ? worker_thread+0xa60/0x1260
[ 21.217743][ T8] ? kthread+0x26d/0x300
[ 21.221822][ T8] ? ret_from_fork+0x1f/0x30
[ 21.226259][ T8] ? _raw_read_unlock+0x25/0x40
[ 21.230938][ T8] ? ext4_es_lookup_extent+0x33b/0x950
[ 21.236231][ T8] ext4_map_blocks+0xa42/0x1ce0
[ 21.240916][ T8] ? kasan_save_alloc_info+0x1f/0x30
[ 21.246039][ T8] ? ext4_issue_zeroout+0x250/0x250
[ 21.251073][ T8] ? ext4_inode_journal_mode+0x1a5/0x470
[ 21.256541][ T8] ext4_writepages+0x178c/0x3fb0
[ 21.261321][ T8] ? sched_clock_cpu+0x71/0x2b0
[ 21.266003][ T8] ? ext4_read_folio+0x240/0x240
[ 21.270780][ T8] ? kvm_sched_clock_read+0x18/0x40
[ 21.275808][ T8] ? xas_start+0x32c/0x3f0
[ 21.280060][ T8] ? xas_load+0x34f/0x370
[ 21.284228][ T8] ? ext4_read_folio+0x240/0x240
[ 21.289001][ T8] do_writepages+0x385/0x620
[ 21.293428][ T8] ? __writepage+0x130/0x130
[ 21.297859][ T8] ? enqueue_task_fair+0x19fa/0x22b0
[ 21.302982][ T8] ? update_load_avg+0x54a/0x14e0
[ 21.307838][ T8] __writeback_single_inode+0xdc/0xb80
[ 21.313133][ T8] writeback_sb_inodes+0xb33/0x18f0
[ 21.318166][ T8] ? queue_io+0x520/0x520
[ 21.322329][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 21.327624][ T8] ? queue_io+0x3d0/0x520
[ 21.331795][ T8] ? memset+0x35/0x40
[ 21.335606][ T8] wb_writeback+0x3b9/0x9f0
[ 21.339948][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 21.345778][ T8] ? set_worker_desc+0x158/0x1c0
[ 21.350534][ T8] ? __kasan_check_write+0x14/0x20
[ 21.355484][ T8] wb_workfn+0x399/0x1030
[ 21.359650][ T8] ? inode_wait_for_writeback+0x280/0x280
[ 21.365218][ T8] ? native_set_ldt+0x130/0x130
[ 21.369888][ T8] ? kthread_data+0x53/0xc0
[ 21.374231][ T8] ? _raw_spin_unlock+0x4c/0x70
[ 21.378918][ T8] ? finish_task_switch+0x167/0x7b0
[ 21.383953][ T8] ? __kasan_check_read+0x11/0x20
[ 21.388814][ T8] ? read_word_at_a_time+0x12/0x20
[ 21.393771][ T8] ? strscpy+0x9c/0x260
[ 21.397751][ T8] process_one_work+0x73d/0xcb0
[ 21.402438][ T8] worker_thread+0xa60/0x1260
[ 21.406953][ T8] kthread+0x26d/0x300
[ 21.410854][ T8] ? worker_clr_flags+0x1a0/0x1a0
[ 21.415716][ T8] ? kthread_blkcg+0xd0/0xd0
[ 21.420142][ T8] ret_from_fork+0x1f/0x30
[ 21.424425][ T8]
[ 21.427262][ T8]
[ 21.429427][ T8] The buggy address belongs to the physical page:
[ 21.435680][ T8] page:ffffea000481b400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1206d0
[ 21.445757][ T8] flags: 0x4000000000000000(zone=1)
[ 21.450786][ T8] raw: 4000000000000000 ffffea000481e388 ffffea000481b3c8 0000000000000000
[ 21.459206][ T8] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 21.467617][ T8] page dumped because: kasan: bad access detected
[ 21.473870][ T8] page_owner tracks the page as freed
[ 21.479073][ T8] page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_WRITE), pid 305, tgid 305 (syz-executor221), ts 20703607314, free_ts 20788875962
[ 21.497740][ T8] post_alloc_hook+0x213/0x220
[ 21.502335][ T8] get_page_from_freelist+0x2527/0x2600
[ 21.507724][ T8] __alloc_pages+0x3a1/0x780
[ 21.512141][ T8] __folio_alloc+0x15/0x40
[ 21.516393][ T8] __filemap_get_folio+0x6c0/0x970
[ 21.521341][ T8] pagecache_get_page+0x2f/0x110
[ 21.526114][ T8] grab_cache_page_write_begin+0x42/0x60
[ 21.531582][ T8] ext4_write_begin+0x257/0xfb0
[ 21.536268][ T8] ext4_da_write_begin+0x2ff/0x920
[ 21.541215][ T8] generic_perform_write+0x2f9/0x5c0
[ 21.546335][ T8] ext4_buffered_write_iter+0x360/0x640
[ 21.551717][ T8] ext4_file_write_iter+0x194/0x1cf0
[ 21.556839][ T8] do_iter_write+0x6e6/0xc50
[ 21.561267][ T8] vfs_iter_write+0x7c/0xa0
[ 21.565605][ T8] iter_file_splice_write+0x7f8/0xf90
[ 21.570813][ T8] direct_splice_actor+0xff/0x130
[ 21.575670][ T8] page last free stack trace:
[ 21.580189][ T8] free_unref_page_prepare+0x83d/0x850
[ 21.585481][ T8] free_unref_page_list+0xf6/0x6c0
[ 21.590426][ T8] release_pages+0xf7f/0xfe0
[ 21.594851][ T8] __pagevec_release+0x84/0x100
[ 21.599713][ T8] truncate_inode_pages_range+0x465/0xf10
[ 21.605268][ T8] truncate_inode_pages_final+0x83/0x90
[ 21.610649][ T8] ext4_evict_inode+0x657/0x1510
[ 21.615422][ T8] evict+0x2a3/0x630
[ 21.619155][ T8] evict_inodes+0x5d1/0x650
[ 21.623499][ T8] generic_shutdown_super+0x97/0x370
[ 21.628613][ T8] kill_block_super+0x7e/0xe0
[ 21.633130][ T8] deactivate_locked_super+0xa5/0x110
[ 21.638333][ T8] deactivate_super+0xbe/0xf0
[ 21.642848][ T8] cleanup_mnt+0x485/0x510
[ 21.647111][ T8] __cleanup_mnt+0x19/0x20
[ 21.651353][ T8] task_work_run+0x24d/0x2e0
[ 21.655780][ T8]
[ 21.657947][ T8] Memory state around the buggy address:
[ 21.663422][ T8] ffff8881206d0300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.671318][ T8] ffff8881206d0380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.679217][ T8] >ffff8881206d0400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.687112][ T8] ^
[ 21.693884][ T8] ffff8881206d0480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.701782][ T8] ffff8881206d0500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 21.709677][ T8] ==================================================================
[ 21.717698][ T8] Disabling lock debugging due to kernel taint
[ 21.723636][ T8] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #16: comm kworker/u4:0: lblock 0 mapped to illegal pblock 0 (length 6)
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 315
./strace-static-x86_64: Process 315 attached
[pid 315] chdir("./6") = 0
[pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 315] setpgid(0, 0) = 0
[pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 315] write(3, "1000", 4) = 4
[pid 315] close(3) = 0
[pid 315] symlink("/dev/binderfs", "./binderfs") = 0
[pid 315] memfd_create("syzkaller", 0) = 3
[pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 315] munmap(0x7f3e0d878000, 262144) = 0
[pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 21.737128][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 6 with error 117
[ 21.749211][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 21.749211][ T8]
[ 21.759269][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 21.774174][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 315] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 315] close(3) = 0
[pid 315] mkdir("./file1", 0777) = 0
[pid 315] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 315] chdir("./file1") = 0
[pid 315] ioctl(4, LOOP_CLR_FD) = 0
[pid 315] close(4) = 0
[pid 315] creat("./bus", 000) = 4
[pid 315] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 315] sendfile(4, 5, NULL, 128512) = 128512
[pid 315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 315] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 315] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 315] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 315] creat("./bus", 000) = 7
[pid 315] lseek(7, 512, SEEK_SET) = 512
[pid 315] open("./bus", O_RDONLY) = 8
[pid 315] sendfile(7, 8, NULL, 128512) = 128512
[pid 315] exit_group(0) = ?
[pid 315] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[ 21.801930][ T315] loop0: detected capacity change from 0 to 512
[ 21.812441][ T315] EXT4-fs (loop0): 1 orphan inode deleted
[ 21.817968][ T315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 21.826756][ T315] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/6/file1 supports timestamps until 2038 (0x7fffffff)
unlink("./6/binderfs") = 0
[ 21.852730][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 21.866201][ T10] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 21.875593][ T10] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:1: mark_inode_dirty error
[ 21.886886][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 318
./strace-static-x86_64: Process 318 attached
[pid 318] chdir("./7") = 0
[pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 318] setpgid(0, 0) = 0
[pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 318] write(3, "1000", 4) = 4
[pid 318] close(3) = 0
[pid 318] symlink("/dev/binderfs", "./binderfs") = 0
[pid 318] memfd_create("syzkaller", 0) = 3
[pid 318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 318] munmap(0x7f3e0d878000, 262144) = 0
[pid 318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 318] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 318] close(3) = 0
[pid 318] mkdir("./file1", 0777) = 0
[ 21.899130][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 21.899130][ T10]
[ 21.908811][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 21.923453][ T292] EXT4-fs (loop0): unmounting filesystem.
[ 21.940110][ T318] loop0: detected capacity change from 0 to 512
[pid 318] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 318] chdir("./file1") = 0
[pid 318] ioctl(4, LOOP_CLR_FD) = 0
[pid 318] close(4) = 0
[pid 318] creat("./bus", 000) = 4
[pid 318] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 318] sendfile(4, 5, NULL, 128512) = 128512
[pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 318] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 318] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 318] creat("./bus", 000) = 7
[pid 318] lseek(7, 512, SEEK_SET) = 512
[pid 318] open("./bus", O_RDONLY) = 8
[pid 318] sendfile(7, 8, NULL, 128512) = 128512
[pid 318] exit_group(0) = ?
[pid 318] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
[ 21.952647][ T318] EXT4-fs (loop0): 1 orphan inode deleted
[ 21.958176][ T318] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 21.967036][ T318] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/7/file1 supports timestamps until 2038 (0x7fffffff)
[ 21.997592][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 22.011038][ T8] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 22.020430][ T8] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:0: mark_inode_dirty error
[ 22.031964][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 22.044117][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.044117][ T8]
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 321
./strace-static-x86_64: Process 321 attached
[pid 321] chdir("./8") = 0
[pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 321] setpgid(0, 0) = 0
[pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 321] write(3, "1000", 4) = 4
[pid 321] close(3) = 0
[pid 321] symlink("/dev/binderfs", "./binderfs") = 0
[pid 321] memfd_create("syzkaller", 0) = 3
[pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 321] munmap(0x7f3e0d878000, 262144) = 0
[pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.053692][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 22.068460][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 321] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 321] close(3) = 0
[pid 321] mkdir("./file1", 0777) = 0
[pid 321] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 321] chdir("./file1") = 0
[pid 321] ioctl(4, LOOP_CLR_FD) = 0
[pid 321] close(4) = 0
[pid 321] creat("./bus", 000) = 4
[pid 321] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 321] sendfile(4, 5, NULL, 128512) = 128512
[pid 321] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 321] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 321] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 321] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 321] creat("./bus", 000) = 7
[pid 321] lseek(7, 512, SEEK_SET) = 512
[pid 321] open("./bus", O_RDONLY) = 8
[pid 321] sendfile(7, 8, NULL, 128512) = 128512
[pid 321] exit_group(0) = ?
[pid 321] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
[ 22.104846][ T321] loop0: detected capacity change from 0 to 512
[ 22.122734][ T321] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.128294][ T321] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 22.137223][ T321] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/8/file1 supports timestamps until 2038 (0x7fffffff)
[ 22.167737][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 22.181321][ T8] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 22.190569][ T8] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:0: mark_inode_dirty error
[ 22.201868][ T8] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 324
./strace-static-x86_64: Process 324 attached
[pid 324] chdir("./9") = 0
[pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 324] setpgid(0, 0) = 0
[pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 324] write(3, "1000", 4) = 4
[pid 324] close(3) = 0
[pid 324] symlink("/dev/binderfs", "./binderfs") = 0
[pid 324] memfd_create("syzkaller", 0) = 3
[pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 324] munmap(0x7f3e0d878000, 262144) = 0
[pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 22.214302][ T8] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.214302][ T8]
[ 22.223973][ T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:0: Invalid inode table block 790638693 in block_group 0
[ 22.238920][ T292] EXT4-fs (loop0): unmounting filesystem.
[pid 324] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 324] close(3) = 0
[pid 324] mkdir("./file1", 0777) = 0
[pid 324] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 324] chdir("./file1") = 0
[pid 324] ioctl(4, LOOP_CLR_FD) = 0
[pid 324] close(4) = 0
[pid 324] creat("./bus", 000) = 4
[pid 324] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 324] sendfile(4, 5, NULL, 128512) = 128512
[pid 324] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 324] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 324] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 324] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 324] creat("./bus", 000) = 7
[pid 324] lseek(7, 512, SEEK_SET) = 512
[pid 324] open("./bus", O_RDONLY) = 8
[pid 324] sendfile(7, 8, NULL, 128512) = 128512
[pid 324] exit_group(0) = ?
[pid 324] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
[ 22.281485][ T324] loop0: detected capacity change from 0 to 512
[ 22.292451][ T324] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.297988][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 22.306868][ T324] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/9/file1 supports timestamps until 2038 (0x7fffffff)
[ 22.333333][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 22.346849][ T10] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 22.356269][ T10] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:1: mark_inode_dirty error
[ 22.367563][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 328
./strace-static-x86_64: Process 328 attached
[pid 328] chdir("./10") = 0
[pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 328] setpgid(0, 0) = 0
[pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 328] write(3, "1000", 4) = 4
[pid 328] close(3) = 0
[pid 328] symlink("/dev/binderfs", "./binderfs") = 0
[pid 328] memfd_create("syzkaller", 0) = 3
[pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 328] munmap(0x7f3e0d878000, 262144) = 0
[pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 328] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 328] close(3) = 0
[pid 328] mkdir("./file1", 0777) = 0
[ 22.379643][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.379643][ T10]
[ 22.389199][ T10] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:1: Invalid inode table block 790638693 in block_group 0
[ 22.404063][ T292] EXT4-fs (loop0): unmounting filesystem.
[ 22.426796][ T328] loop0: detected capacity change from 0 to 512
[pid 328] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 328] chdir("./file1") = 0
[pid 328] ioctl(4, LOOP_CLR_FD) = 0
[pid 328] close(4) = 0
[pid 328] creat("./bus", 000) = 4
[pid 328] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 328] sendfile(4, 5, NULL, 128512) = 128512
[pid 328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 328] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 328] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 328] creat("./bus", 000) = 7
[pid 328] lseek(7, 512, SEEK_SET) = 512
[pid 328] open("./bus", O_RDONLY) = 8
[pid 328] sendfile(7, 8, NULL, 128512) = 128512
[pid 328] exit_group(0) = ?
[pid 328] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=3} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
[ 22.442568][ T328] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.448095][ T328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 22.456875][ T328] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/10/file1 supports timestamps until 2038 (0x7fffffff)
[ 22.494515][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 22.508007][ T284] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 22.517418][ T284] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm kworker/u4:3: mark_inode_dirty error
[ 22.528819][ T284] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555555b4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555555b4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file1") = 0
getdents64(3, 0x5555555ac620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555ab5d0) = 331
./strace-static-x86_64: Process 331 attached
[pid 331] chdir("./11") = 0
[pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 331] setpgid(0, 0) = 0
[pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 331] write(3, "1000", 4) = 4
[pid 331] close(3) = 0
[pid 331] symlink("/dev/binderfs", "./binderfs") = 0
[pid 331] memfd_create("syzkaller", 0) = 3
[pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e0d878000
[pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144
[pid 331] munmap(0x7f3e0d878000, 262144) = 0
[pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 331] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 331] close(3) = 0
[pid 331] mkdir("./file1", 0777) = 0
[ 22.540966][ T284] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 22.540966][ T284]
[ 22.550595][ T284] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm kworker/u4:3: Invalid inode table block 790638693 in block_group 0
[ 22.565362][ T292] EXT4-fs (loop0): unmounting filesystem.
[ 22.586877][ T331] loop0: detected capacity change from 0 to 512
[pid 331] mount("/dev/loop0", "./file1", "ext4", MS_NOSYMFOLLOW|MS_NOATIME|MS_REC, ",errors=continue") = 0
[pid 331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid 331] chdir("./file1") = 0
[pid 331] ioctl(4, LOOP_CLR_FD) = 0
[pid 331] close(4) = 0
[pid 331] creat("./bus", 000) = 4
[pid 331] open("./file1", O_RDONLY|O_NOCTTY|O_NOATIME) = 5
[pid 331] sendfile(4, 5, NULL, 128512) = 128512
[pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0
[pid 331] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6
[pid 331] write(-1, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 103) = -1 EBADF (Bad file descriptor)
[pid 331] write(6, "\x23\x21\x20\x2e\x2f\x66\x69\x6c\x65\x30\x20\x2f\x64\x65\x76\x2f\x6c\x6f\x6f\x70\x20\x28\x0a\x3f\x97\xfb\x6c\xc7\x3a\xc7\xd6\x46\x1d\xd1\x5c\x08\x7e\xa4\x87\x77\xc7\x65\xb9\xfe\x28\x9b\xc5\x54\x08\xbb\xc3\x77\x5e\xf3\xb2\x65\x55\xb7\xfe\x9e\xe8\x9e\xf9\xe8\xfb\xc8\x80\x50\x35\x60\x6a\x17\x45\xbc\x0f\x32\xa5\x23\xb7\x9b\x41\x8b\x7f\xc4\x0f\x28\x53\x38\x52\x64\xd9\x80\xd5\xfa\x13\x33\x34\x8e\x91\xb1"..., 22455190) = 262144
[pid 331] creat("./bus", 000) = 7
[pid 331] lseek(7, 512, SEEK_SET) = 512
[pid 331] open("./bus", O_RDONLY) = 8
[pid 331] sendfile(7, 8, NULL, 128512) = 128512
[pid 331] exit_group(0) = ?
[pid 331] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=2} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555555ac620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
[ 22.602757][ T331] EXT4-fs (loop0): 1 orphan inode deleted
[ 22.608308][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 22.617139][ T331] ext4 filesystem being mounted at /root/syzkaller.20o3Yh/11/file1 supports timestamps until 2038 (0x7fffffff)
[ 22.641853][ T284] ------------[ cut here ]------------
[ 22.647117][ T284] kernel BUG at fs/ext4/inode.c:2433!
[ 22.652505][ T284] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 22.658375][ T284] CPU: 0 PID: 284 Comm: kworker/u4:3 Tainted: G B 6.1.25-syzkaller-00099-g35fe0d393f80 #0
[ 22.669484][ T284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 22.679379][ T284] Workqueue: writeback wb_workfn (flush-7:0)
[ 22.685191][ T284] RIP: 0010:ext4_writepages+0x3d59/0x3fb0
[ 22.690747][ T284] Code: e8 ac 80 82 ff be 00 10 00 00 48 c7 c7 d0 92 8b 86 4c 89 f2 e8 a8 5a a9 00 e9 1d fb ff ff e8 8e 80 82 ff 0f 0b e8 87 80 82 ff <0f> 0b e8 e0 a2 14 03 65 8b 05 21 ce 10 7e 41 89 c7 4c 89 f8 48 c1
[ 22.710186][ T284] RSP: 0018:ffffc90000d87000 EFLAGS: 00010293
[ 22.716094][ T284] RAX: ffffffff81f14329 RBX: dffffc0000000000 RCX: ffff888121a66540
[ 22.723901][ T284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 22.731711][ T284] RBP: ffffc90000d87410 R08: ffffffff81f1201d R09: ffffed10200ac8ba
[ 22.739522][ T284] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000d87330
[ 22.747333][ T284] R13: 0000000000000000 R14: ffff888100564608 R15: 0000000000000000
[ 22.755146][ T284] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 22.763910][ T284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 22.770339][ T284] CR2: 00005555555b4628 CR3: 000000010f4db000 CR4: 00000000003506b0
[ 22.778148][ T284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 22.785965][ T284] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 22.793766][ T284] Call Trace:
[ 22.796892][ T284]
[ 22.799673][ T284] ? sched_group_set_idle+0x710/0x710
[ 22.804877][ T284] ? ext4_read_folio+0x240/0x240
[ 22.809658][ T284] ? xas_start+0x32c/0x3f0
[ 22.813903][ T284] ? xas_load+0x34f/0x370
[ 22.818073][ T284] ? __kasan_check_write+0x14/0x20
[ 22.823039][ T284] ? folio_activate_fn+0xd20/0xd20
[ 22.827971][ T284] ? ext4_read_folio+0x240/0x240
[ 22.832737][ T284] do_writepages+0x385/0x620
[ 22.837170][ T284] ? __writepage+0x130/0x130
[ 22.841588][ T284] ? update_load_avg+0x54a/0x14e0
[ 22.846451][ T284] ? update_curr+0x2fe/0x5f0
[ 22.850875][ T284] ? enqueue_task_fair+0xdf9/0x22b0
[ 22.855913][ T284] __writeback_single_inode+0xdc/0xb80
[ 22.861211][ T284] writeback_sb_inodes+0xb33/0x18f0
[ 22.866241][ T284] ? queue_io+0x520/0x520
[ 22.870412][ T284] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 22.875701][ T284] ? queue_io+0x3d0/0x520
[ 22.879863][ T284] ? memset+0x35/0x40
[ 22.883685][ T284] wb_writeback+0x3b9/0x9f0
[ 22.888050][ T284] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 22.893845][ T284] ? set_worker_desc+0x158/0x1c0
[ 22.898612][ T284] ? __kasan_check_write+0x14/0x20
[ 22.903560][ T284] wb_workfn+0x399/0x1030
[ 22.907725][ T284] ? inode_wait_for_writeback+0x280/0x280
[ 22.913392][ T284] ? kthread_data+0x53/0xc0
[ 22.917707][ T284] ? _raw_spin_unlock+0x4c/0x70
[ 22.922396][ T284] ? finish_task_switch+0x167/0x7b0
[ 22.927426][ T284] ? __kasan_check_read+0x11/0x20
[ 22.932286][ T284] ? read_word_at_a_time+0x12/0x20
[ 22.937232][ T284] ? strscpy+0x9c/0x260
[ 22.941225][ T284] process_one_work+0x73d/0xcb0
[ 22.945913][ T284] worker_thread+0xa60/0x1260
[ 22.950426][ T284] ? __kasan_check_read+0x11/0x20
[ 22.955287][ T284] kthread+0x26d/0x300
[ 22.959199][ T284] ? worker_clr_flags+0x1a0/0x1a0
[ 22.964053][ T284] ? kthread_blkcg+0xd0/0xd0
[ 22.968655][ T284] ret_from_fork+0x1f/0x30
[ 22.972905][ T284]
[ 22.975767][ T284] Modules linked in:
[ 22.979678][ T284] ---[ end trace 0000000000000000 ]---
[ 22.985076][ T284] RIP: 0010:ext4_writepages+0x3d59/0x3fb0
[ 22.990621][ T284] Code: e8 ac 80 82 ff be 00 10 00 00 48 c7 c7 d0 92 8b 86 4c 89 f2 e8 a8 5a a9 00 e9 1d fb ff ff e8 8e 80 82 ff 0f 0b e8 87 80 82 ff <0f> 0b e8 e0 a2 14 03 65 8b 05 21 ce 10 7e 41 89 c7 4c 89 f8 48 c1
[ 23.010387][ T284] RSP: 0018:ffffc90000d87000 EFLAGS: 00010293
[ 23.016342][ T284] RAX: ffffffff81f14329 RBX: dffffc0000000000 RCX: ffff888121a66540
[ 23.024136][ T284] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 23.031952][ T284] RBP: ffffc90000d87410 R08: ffffffff81f1201d R09: ffffed10200ac8ba
[ 23.039733][ T284] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000d87330
[ 23.047569][ T284] R13: 0000000000000000 R14: ffff888100564608 R15: 0000000000000000
[ 23.055410][ T284] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 23.064180][ T284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.070582][ T284] CR2: 0000000020042000 CR3: 000000000660f000 CR4: 00000000003506a0
[ 23.078421][ T284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.086214][ T284] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.094032][ T284] Kernel panic - not syncing: Fatal exception
[ 23.100127][ T284] Kernel Offset: disabled
[ 23.104247][ T284] Rebooting in 86400 seconds..