./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3346011189 <...> Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts. execve("./syz-executor3346011189", ["./syz-executor3346011189"], 0x7ffd6b27eaa0 /* 10 vars */) = 0 brk(NULL) = 0x555555b30000 brk(0x555555b30c40) = 0x555555b30c40 arch_prctl(ARCH_SET_FS, 0x555555b30300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555b305d0) = 4999 set_robust_list(0x555555b305e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f2af5bbac30, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f2af5bbb300}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2af5bbacd0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2af5bbb300}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3346011189", 4096) = 28 brk(0x555555b51c40) = 0x555555b51c40 brk(0x555555b52000) = 0x555555b52000 mprotect(0x7f2af5c7d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4999}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4999}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 getpid() = 4999 mkdir("./syzkaller.JCsbUa", 0700) = 0 chmod("./syzkaller.JCsbUa", 0777) = 0 chdir("./syzkaller.JCsbUa") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x555555b305e0, 24) = 0 [pid 5001] chdir("./0") = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5001] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5001] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5003], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5003 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5003] memfd_create("syzkaller", 0) = 3 [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5003] munmap(0x7f2aed789000, 1048576) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5003] close(3) = 0 [pid 5003] mkdir("./file2", 0777) = 0 [pid 5003] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5003] chdir("./file2") = 0 [pid 5003] ioctl(4, LOOP_CLR_FD) = 0 [pid 5003] close(4) = 0 [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5001] <... futex resumed>) = 1 [pid 5003] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 syzkaller login: [ 45.126890][ T5003] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5003 'syz-executor334' [ 45.147043][ T5003] loop0: detected capacity change from 0 to 2048 [ 45.162413][ T5004] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... open resumed>) = 4 [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5001] <... futex resumed>) = 1 [pid 5003] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... open resumed>) = 5 [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [pid 5003] ftruncate(5, 33587199) = 0 [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [ 45.176303][ T27] audit: type=1800 audit(1687313629.688:2): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 45.199836][ T27] audit: type=1800 audit(1687313629.708:3): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5003] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 0 [pid 5003] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5003] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] exit_group(0) = ? [pid 5003] +++ exited with 0 +++ [pid 5001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 45.202987][ T5003] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 45.231332][ T5003] Remounting filesystem read-only [ 45.257149][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 45.266160][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 45.272875][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 45.280189][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.289235][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.298118][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.307468][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 45.314124][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 45.321439][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 45.328832][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 45.336143][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 45.343428][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 45.350407][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 45.357720][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.366577][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5005 attached , child_tidptr=0x555555b305d0) = 5005 [pid 5005] set_robust_list(0x555555b305e0, 24) = 0 [pid 5005] chdir("./1") = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5005] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5006], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5006 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5006] memfd_create("syzkaller", 0) = 3 [pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5006] munmap(0x7f2aed789000, 1048576) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 45.375422][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5006] close(3) = 0 [pid 5006] mkdir("./file2", 0777) = 0 [pid 5006] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5006] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] chdir("./file2") = 0 [pid 5006] ioctl(4, LOOP_CLR_FD) = 0 [pid 5006] close(4) = 0 [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [ 45.429845][ T5006] loop0: detected capacity change from 0 to 2048 [ 45.441953][ T5007] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5006] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5006] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5006] <... futex resumed>) = 1 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] ftruncate(5, 33587199 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... ftruncate resumed>) = 0 [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5006] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5005] exit_group(0) = ? [pid 5006] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 45.463138][ T27] audit: type=1800 audit(1687313629.968:4): pid=5006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 45.487423][ T27] audit: type=1800 audit(1687313629.998:5): pid=5006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 45.512135][ T5006] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 45.522373][ T5006] Remounting filesystem read-only [ 45.566163][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 45.575038][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 45.581756][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 45.589256][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.598117][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.606980][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.616010][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 45.622668][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 45.629978][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 45.637274][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 45.644532][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 45.651840][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 45.658818][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5008 ./strace-static-x86_64: Process 5008 attached [pid 5008] set_robust_list(0x555555b305e0, 24) = 0 [pid 5008] chdir("./2") = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5008] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5009], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5009 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5009] memfd_create("syzkaller", 0) = 3 [pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5009] munmap(0x7f2aed789000, 1048576) = 0 [pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 45.666159][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.675031][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.683911][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5009] close(3) = 0 [pid 5009] mkdir("./file2", 0777) = 0 [pid 5009] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5009] chdir("./file2") = 0 [pid 5009] ioctl(4, LOOP_CLR_FD) = 0 [pid 5009] close(4) = 0 [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5009] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... open resumed>) = 4 [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5009] ftruncate(5, 33587199 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... ftruncate resumed>) = 0 [pid 5008] <... futex resumed>) = 0 [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 0 [pid 5008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] sendfile(4, 5, NULL, 281474978811908 [ 45.730932][ T5009] loop0: detected capacity change from 0 to 2048 [ 45.743137][ T5010] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 45.756860][ T27] audit: type=1800 audit(1687313630.268:6): pid=5009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5009] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5008] exit_group(0) = ? [pid 5009] +++ exited with 0 +++ [pid 5008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 45.778164][ T27] audit: type=1800 audit(1687313630.288:7): pid=5009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 45.781024][ T5009] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 45.809486][ T5009] Remounting filesystem read-only [ 45.826679][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 45.835526][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 45.842244][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 45.849544][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.858422][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.867390][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.876421][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 45.883077][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 45.890375][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 45.897674][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 45.904943][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 45.912240][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 45.919215][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5011 attached , child_tidptr=0x555555b305d0) = 5011 [pid 5011] set_robust_list(0x555555b305e0, 24) = 0 [pid 5011] chdir("./3") = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.926547][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.935397][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 45.944299][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5011] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5012] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... clone resumed>, parent_tid=[5012], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5012 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5012] <... futex resumed>) = 0 [pid 5012] memfd_create("syzkaller", 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5012] <... memfd_create resumed>) = 3 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5012] munmap(0x7f2aed789000, 1048576) = 0 [pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5012] close(3) = 0 [pid 5012] mkdir("./file2", 0777) = 0 [pid 5012] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5012] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5012] chdir("./file2") = 0 [pid 5012] ioctl(4, LOOP_CLR_FD) = 0 [pid 5012] close(4) = 0 [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [pid 5012] ftruncate(5, 33587199) = 0 [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 1 [ 46.005784][ T5012] loop0: detected capacity change from 0 to 2048 [ 46.017477][ T5013] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5012] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5011] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5012] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5011] exit_group(0) = ? [pid 5012] +++ exited with 0 +++ [pid 5011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 46.040788][ T27] audit: type=1800 audit(1687313630.548:8): pid=5012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 46.050029][ T5012] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 46.071238][ T27] audit: type=1800 audit(1687313630.548:9): pid=5012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 46.092120][ T5012] Remounting filesystem read-only [ 46.107581][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 46.116482][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 46.123140][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 46.130474][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.139391][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.148250][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.157211][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 46.163867][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 46.171171][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 46.178469][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 46.185769][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 46.193051][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 46.200132][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x555555b305e0, 24) = 0 [pid 5014] chdir("./4") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5014] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5015 attached , parent_tid=[5015], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5015 [pid 5015] set_robust_list(0x7f2af5ba99e0, 24 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] <... set_robust_list resumed>) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5015] munmap(0x7f2aed789000, 1048576) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 46.207643][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.216639][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.225482][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file2", 0777) = 0 [pid 5015] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5015] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./file2") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5015] <... futex resumed>) = 1 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... open resumed>) = 4 [ 46.264694][ T5015] loop0: detected capacity change from 0 to 2048 [ 46.277097][ T5016] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 [pid 5015] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 [pid 5015] ftruncate(5, 33587199) = 0 [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 [ 46.307215][ T27] audit: type=1800 audit(1687313630.818:10): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 46.328258][ T27] audit: type=1800 audit(1687313630.818:11): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [pid 5015] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5015] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] exit_group(0) = ? [pid 5015] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 46.329191][ T5015] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 46.359186][ T5015] Remounting filesystem read-only [ 46.376886][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 46.385862][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 46.392521][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 46.399856][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.408826][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.417713][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.426680][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 46.433334][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 46.440628][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 46.447936][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5017 ./strace-static-x86_64: Process 5017 attached [pid 5017] set_robust_list(0x555555b305e0, 24) = 0 [pid 5017] chdir("./5") = 0 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5017] setpgid(0, 0) = 0 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5017] write(3, "1000", 4) = 4 [pid 5017] close(3) = 0 [pid 5017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5017] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5017] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5018], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5018] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5018] memfd_create("syzkaller", 0) = 3 [pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 46.455192][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 46.462490][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 46.469476][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 46.476798][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.485649][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.494550][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5018] munmap(0x7f2aed789000, 1048576) = 0 [pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5018] close(3) = 0 [pid 5018] mkdir("./file2", 0777) = 0 [pid 5018] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5018] chdir("./file2") = 0 [pid 5018] ioctl(4, LOOP_CLR_FD) = 0 [pid 5018] close(4) = 0 [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] <... futex resumed>) = 0 [pid 5018] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] ftruncate(5, 33587199) = 0 [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 46.542409][ T5018] loop0: detected capacity change from 0 to 2048 [ 46.556006][ T5019] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5018] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5018] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5018] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5017] <... futex resumed>) = 0 [pid 5017] exit_group(0) = ? [pid 5018] +++ exited with 0 +++ [pid 5017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 46.586048][ T5018] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 46.596360][ T5018] Remounting filesystem read-only [ 46.636135][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 46.645005][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 46.651732][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 46.659134][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.668012][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.676886][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.685940][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 46.692598][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 46.699905][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 46.707223][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 46.714498][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 46.721810][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 46.728796][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5020 ./strace-static-x86_64: Process 5020 attached [pid 5020] set_robust_list(0x555555b305e0, 24) = 0 [pid 5020] chdir("./6") = 0 [pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5020] setpgid(0, 0) = 0 [pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5020] write(3, "1000", 4) = 4 [pid 5020] close(3) = 0 [pid 5020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5020] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5020] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5021 attached , parent_tid=[5021], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5021 [pid 5021] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5021] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 0 [pid 5021] memfd_create("syzkaller", 0) = 3 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5021] munmap(0x7f2aed789000, 1048576) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 46.736101][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.744954][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.753848][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5021] close(3) = 0 [pid 5021] mkdir("./file2", 0777) = 0 [pid 5021] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5021] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5021] chdir("./file2") = 0 [pid 5021] ioctl(4, LOOP_CLR_FD) = 0 [pid 5021] close(4) = 0 [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5021] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... open resumed>) = 4 [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5021] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5020] <... futex resumed>) = 1 [pid 5021] ftruncate(5, 33587199) = 0 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5020] <... futex resumed>) = 0 [pid 5021] sendfile(4, 5, NULL, 281474978811908 [ 46.804863][ T5021] loop0: detected capacity change from 0 to 2048 [ 46.818561][ T5022] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 46.844469][ T5021] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 1 [pid 5021] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] <... futex resumed>) = 0 [pid 5020] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5020] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 1 [pid 5021] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5021] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5020] <... futex resumed>) = 0 [pid 5020] exit_group(0) = ? [pid 5021] +++ exited with 0 +++ [pid 5020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 46.854625][ T5021] Remounting filesystem read-only [ 46.870756][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 46.879705][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 46.886616][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 46.893892][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.903030][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.911895][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.920878][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 46.927574][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 46.934851][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 46.942143][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5023 ./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x555555b305e0, 24) = 0 [pid 5023] chdir("./7") = 0 [pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5023] setpgid(0, 0) = 0 [pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5023] write(3, "1000", 4) = 4 [pid 5023] close(3) = 0 [pid 5023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5023] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5023] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5024 attached , parent_tid=[5024], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5024 [pid 5024] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5024] memfd_create("syzkaller", 0) = 3 [pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 46.949436][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 46.956883][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 46.963816][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 46.971116][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.980008][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 46.988889][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5024] munmap(0x7f2aed789000, 1048576) = 0 [pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5024] close(3) = 0 [pid 5024] mkdir("./file2", 0777) = 0 [pid 5024] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5024] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5024] chdir("./file2") = 0 [pid 5024] ioctl(4, LOOP_CLR_FD) = 0 [pid 5024] close(4) = 0 [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5023] <... futex resumed>) = 1 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... open resumed>) = 4 [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5023] <... futex resumed>) = 1 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... open resumed>) = 5 [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5024] ftruncate(5, 33587199) = 0 [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... futex resumed>) = 1 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 0 [pid 5023] <... futex resumed>) = 1 [pid 5024] sendfile(4, 5, NULL, 281474978811908 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5024] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] <... futex resumed>) = 0 [pid 5024] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] <... futex resumed>) = 0 [pid 5024] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5023] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5023] <... futex resumed>) = 0 [pid 5024] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5024] <... futex resumed>) = 0 [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5024] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] exit_group(0 [pid 5024] <... futex resumed>) = ? [pid 5023] <... exit_group resumed>) = ? [pid 5024] +++ exited with 0 +++ [pid 5023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 47.038654][ T5024] loop0: detected capacity change from 0 to 2048 [ 47.051159][ T5025] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 47.069536][ T5024] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 47.079633][ T5024] Remounting filesystem read-only [ 47.096658][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 47.105534][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 47.112516][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 47.119838][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.128706][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.137569][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.146638][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 47.153301][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 47.160803][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 47.168282][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 47.175586][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 47.183133][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 47.190124][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5026 attached , child_tidptr=0x555555b305d0) = 5026 [pid 5026] set_robust_list(0x555555b305e0, 24) = 0 [pid 5026] chdir("./8") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5026] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5027 attached [pid 5027] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5027] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... clone resumed>, parent_tid=[5027], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5027 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5027] memfd_create("syzkaller", 0) = 3 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5027] munmap(0x7f2aed789000, 1048576) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 47.197454][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.206326][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.215178][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5027] close(3) = 0 [pid 5027] mkdir("./file2", 0777) = 0 [pid 5027] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5027] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5027] chdir("./file2") = 0 [pid 5027] ioctl(4, LOOP_CLR_FD) = 0 [pid 5027] close(4) = 0 [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5027] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 1 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5027] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5026] <... futex resumed>) = 1 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... open resumed>) = 5 [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5027] ftruncate(5, 33587199) = 0 [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] <... futex resumed>) = 1 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5027] sendfile(4, 5, NULL, 281474978811908 [pid 5026] <... futex resumed>) = 1 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5027] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5026] exit_group(0) = ? [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 47.275845][ T5027] loop0: detected capacity change from 0 to 2048 [ 47.288809][ T5028] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 47.308259][ T5027] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 47.318799][ T5027] Remounting filesystem read-only [ 47.356330][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 47.365213][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 47.371974][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 47.379291][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.388188][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.397145][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.406262][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 47.412917][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 47.420228][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 47.427522][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 47.434802][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 47.442346][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 47.449326][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5029 ./strace-static-x86_64: Process 5029 attached [pid 5029] set_robust_list(0x555555b305e0, 24) = 0 [pid 5029] chdir("./9") = 0 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5029] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5029] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5030 attached , parent_tid=[5030], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5030 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] set_robust_list(0x7f2af5ba99e0, 24 [pid 5029] <... futex resumed>) = 0 [pid 5030] <... set_robust_list resumed>) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] memfd_create("syzkaller", 0) = 3 [pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5030] munmap(0x7f2aed789000, 1048576) = 0 [pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 47.456684][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.465518][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.474390][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5030] close(3) = 0 [pid 5030] mkdir("./file2", 0777) = 0 [pid 5030] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5030] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5030] chdir("./file2") = 0 [pid 5030] ioctl(4, LOOP_CLR_FD) = 0 [pid 5030] close(4) = 0 [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5030] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = 0 [pid 5030] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... open resumed>) = 4 [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5030] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5029] <... futex resumed>) = 0 [pid 5030] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... open resumed>) = 5 [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5029] <... futex resumed>) = 0 [pid 5030] ftruncate(5, 33587199 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] <... ftruncate resumed>) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 47.515377][ T5030] loop0: detected capacity change from 0 to 2048 [ 47.528325][ T5031] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5030] <... futex resumed>) = 0 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] sendfile(4, 5, NULL, 281474978811908 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 1 [pid 5030] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 1 [pid 5030] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5029] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... futex resumed>) = 1 [pid 5030] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5030] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... futex resumed>) = 0 [pid 5029] exit_group(0) = ? [pid 5030] <... futex resumed>) = ? [pid 5030] +++ exited with 0 +++ [pid 5029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 47.556649][ T5030] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 47.566640][ T5030] Remounting filesystem read-only [ 47.606132][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 47.614991][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 47.621723][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 47.629230][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.638278][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.647153][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.656174][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 47.662831][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 47.670143][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 47.677457][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 47.684735][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 47.692044][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 47.698994][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5032 ./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x555555b305e0, 24) = 0 [pid 5032] chdir("./10") = 0 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5032] setpgid(0, 0) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5032] write(3, "1000", 4) = 4 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5032] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5032] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5033] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... clone resumed>, parent_tid=[5033], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5033 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5033] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5033] memfd_create("syzkaller", 0) = 3 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5033] munmap(0x7f2aed789000, 1048576) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 47.706299][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.715145][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.724102][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5033] close(3) = 0 [pid 5033] mkdir("./file2", 0777) = 0 [pid 5033] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5033] chdir("./file2") = 0 [pid 5033] ioctl(4, LOOP_CLR_FD) = 0 [pid 5033] close(4) = 0 [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5033] ftruncate(5, 33587199) = 0 [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [ 47.772194][ T5033] loop0: detected capacity change from 0 to 2048 [ 47.784666][ T5034] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5033] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5033] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 1 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5033] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5032] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5032] <... futex resumed>) = 0 [pid 5033] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5033] <... futex resumed>) = 0 [pid 5033] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0) = ? [pid 5033] <... futex resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 47.815607][ T5033] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 47.825834][ T5033] Remounting filesystem read-only [ 47.851751][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 47.860839][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 47.867538][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 47.874829][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.883709][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.892573][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.901712][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 47.908436][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 47.915922][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 47.923281][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 47.930591][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 47.937902][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 47.944812][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 47.952103][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5035 ./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x555555b305e0, 24) = 0 [pid 5035] chdir("./11") = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5035] setpgid(0, 0) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5035] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5036 attached [pid 5036] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5035] <... clone resumed>, parent_tid=[5036], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5036 [pid 5036] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5035] <... futex resumed>) = 1 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5036] memfd_create("syzkaller", 0) = 3 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5036] munmap(0x7f2aed789000, 1048576) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 47.960963][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 47.969902][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5036] close(3) = 0 [pid 5036] mkdir("./file2", 0777) = 0 [pid 5036] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5036] chdir("./file2") = 0 [pid 5036] ioctl(4, LOOP_CLR_FD) = 0 [pid 5036] close(4) = 0 [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... futex resumed>) = 0 [pid 5036] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] ftruncate(5, 33587199) = 0 [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 48.022898][ T5036] loop0: detected capacity change from 0 to 2048 [ 48.034823][ T5037] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5036] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5036] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5035] exit_group(0) = ? [pid 5036] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 48.064622][ T5036] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 48.074673][ T5036] Remounting filesystem read-only [ 48.092921][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 48.101899][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 48.108618][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 48.115919][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.124745][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.133706][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.142742][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 48.149779][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 48.157109][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 48.164404][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 48.171731][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 48.179037][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 48.185981][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 48.193256][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.202124][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5038 ./strace-static-x86_64: Process 5038 attached [pid 5038] set_robust_list(0x555555b305e0, 24) = 0 [pid 5038] chdir("./12") = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 48.210978][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5038] write(3, "1000", 4) = 4 [pid 5038] close(3) = 0 [pid 5038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5038] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5038] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5039] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... clone resumed>, parent_tid=[5039], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5039 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5039] munmap(0x7f2aed789000, 1048576) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file2", 0777) = 0 [pid 5039] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5039] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./file2") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5039] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = 4 [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... open resumed>) = 5 [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] ftruncate(5, 33587199 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... ftruncate resumed>) = 0 [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] sendfile(4, 5, NULL, 281474978811908 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.273137][ T5039] loop0: detected capacity change from 0 to 2048 [ 48.286330][ T5040] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 48.311149][ T5039] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [pid 5039] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [pid 5039] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5039] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] exit_group(0) = ? [pid 5039] <... futex resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 48.321343][ T5039] Remounting filesystem read-only [ 48.356172][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 48.365031][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 48.371747][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 48.379139][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.388014][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.397082][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.406087][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 48.412768][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 48.420084][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 48.427376][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 48.434631][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 48.441927][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 48.448878][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5041] set_robust_list(0x555555b305e0, 24) = 0 [pid 5041] chdir("./13") = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] setpgid(0, 0) = 0 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5041] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5042], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5042 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5042] memfd_create("syzkaller", 0) = 3 [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5042] munmap(0x7f2aed789000, 1048576) = 0 [pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 48.456172][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.465026][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.473890][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5042] close(3) = 0 [pid 5042] mkdir("./file2", 0777) = 0 [pid 5042] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5042] chdir("./file2") = 0 [pid 5042] ioctl(4, LOOP_CLR_FD) = 0 [pid 5042] close(4) = 0 [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] ftruncate(5, 33587199) = 0 [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = 1 [pid 5042] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5042] <... futex resumed>) = 1 [pid 5042] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5042] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5041] exit_group(0) = ? [pid 5042] <... futex resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 48.521554][ T5042] loop0: detected capacity change from 0 to 2048 [ 48.534256][ T5043] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 48.541727][ T5042] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 48.557421][ T5042] Remounting filesystem read-only [ 48.576364][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 48.585237][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 48.592070][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 48.599482][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.608375][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.617245][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.626258][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 48.632935][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 48.640259][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 48.647588][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 48.654868][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 48.662393][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 48.669384][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached , child_tidptr=0x555555b305d0) = 5044 [pid 5044] set_robust_list(0x555555b305e0, 24) = 0 [pid 5044] chdir("./14") = 0 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3) = 0 [pid 5044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5044] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5044] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5045 attached , parent_tid=[5045], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5045 [pid 5045] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5045] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5045] munmap(0x7f2aed789000, 1048576) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 48.676684][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.685506][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.694434][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5045] close(3) = 0 [pid 5045] mkdir("./file2", 0777) = 0 [pid 5045] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... open resumed>) = 4 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... open resumed>) = 5 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] <... futex resumed>) = 0 [pid 5045] ftruncate(5, 33587199 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... ftruncate resumed>) = 0 [pid 5044] <... futex resumed>) = 0 [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5045] sendfile(4, 5, NULL, 281474978811908 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 48.747430][ T5045] loop0: detected capacity change from 0 to 2048 [ 48.769415][ T5046] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 48.787614][ T5045] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5045] <... futex resumed>) = 1 [pid 5045] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5045] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] exit_group(0) = ? [pid 5045] <... futex resumed>) = ? [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 48.800441][ T5045] Remounting filesystem read-only [ 48.816976][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 48.825984][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 48.832637][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 48.839939][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.848913][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.857787][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.867106][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 48.873765][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 48.881133][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 48.888447][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached , child_tidptr=0x555555b305d0) = 5047 [pid 5047] set_robust_list(0x555555b305e0, 24) = 0 [pid 5047] chdir("./15") = 0 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5047] setpgid(0, 0) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5047] write(3, "1000", 4) = 4 [pid 5047] close(3) = 0 [pid 5047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5047] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5047] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5048 attached , parent_tid=[5048], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5048 [pid 5048] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5048] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5048] memfd_create("syzkaller", 0) = 3 [ 48.895774][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 48.903055][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 48.910004][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 48.917301][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.926156][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 48.935000][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5048] munmap(0x7f2aed789000, 1048576) = 0 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5048] close(3) = 0 [pid 5048] mkdir("./file2", 0777) = 0 [pid 5048] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5048] chdir("./file2") = 0 [pid 5048] ioctl(4, LOOP_CLR_FD) = 0 [pid 5048] close(4) = 0 [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... futex resumed>) = 0 [pid 5048] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] ftruncate(5, 33587199 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... ftruncate resumed>) = 0 [ 48.991158][ T5048] loop0: detected capacity change from 0 to 2048 [ 49.003796][ T5049] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5048] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] sendfile(4, 5, NULL, 281474978811908 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5048] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5047] <... futex resumed>) = 0 [pid 5047] exit_group(0) = ? [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 49.039269][ T5048] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 49.049652][ T5048] Remounting filesystem read-only [ 49.067335][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 49.076230][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 49.082882][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 49.090179][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.099050][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.107930][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.116998][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 49.123673][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 49.130974][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 49.138291][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 49.145569][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 49.152874][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 49.159823][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 49.167117][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.175974][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x555555b305e0, 24) = 0 [pid 5050] chdir("./16") = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [ 49.184816][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5050] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5051 attached [pid 5051] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5051] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... clone resumed>, parent_tid=[5051], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5051 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5051] memfd_create("syzkaller", 0) = 3 [pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5051] munmap(0x7f2aed789000, 1048576) = 0 [pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5051] close(3) = 0 [pid 5051] mkdir("./file2", 0777) = 0 [pid 5051] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5051] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5051] chdir("./file2") = 0 [pid 5051] ioctl(4, LOOP_CLR_FD) = 0 [pid 5051] close(4) = 0 [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5051] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... open resumed>) = 4 [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] ftruncate(5, 33587199) = 0 [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] <... futex resumed>) = 1 [pid 5051] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5050] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5051] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] exit_group(0) = ? [pid 5051] +++ exited with 0 +++ [pid 5050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 49.246811][ T5051] loop0: detected capacity change from 0 to 2048 [ 49.259496][ T5052] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.281469][ T5051] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 49.291727][ T5051] Remounting filesystem read-only [ 49.310626][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 49.319523][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 49.326267][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 49.333541][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.342524][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.351387][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.360496][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 49.367195][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 49.374463][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 49.381763][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 49.389076][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 49.396401][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 49.403342][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] set_robust_list(0x555555b305e0, 24) = 0 [pid 5053] chdir("./17") = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5053] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] <... clone resumed>, parent_tid=[5054], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5054 [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5054] memfd_create("syzkaller", 0) = 3 [pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5054] munmap(0x7f2aed789000, 1048576) = 0 [pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 49.410652][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.419511][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.428374][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5054] close(3) = 0 [pid 5054] mkdir("./file2", 0777) = 0 [pid 5054] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5054] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5054] chdir("./file2") = 0 [pid 5054] ioctl(4, LOOP_CLR_FD) = 0 [pid 5054] close(4) = 0 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5054] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... open resumed>) = 5 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5054] ftruncate(5, 33587199 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... ftruncate resumed>) = 0 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5053] <... futex resumed>) = 0 [pid 5054] sendfile(4, 5, NULL, 281474978811908 [ 49.474321][ T5054] loop0: detected capacity change from 0 to 2048 [ 49.487393][ T5055] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 1 [pid 5054] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] <... futex resumed>) = 0 [pid 5054] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5053] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5053] <... futex resumed>) = 0 [pid 5054] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 0 [pid 5053] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5053] exit_group(0 [pid 5054] <... futex resumed>) = ? [pid 5053] <... exit_group resumed>) = ? [pid 5054] +++ exited with 0 +++ [pid 5053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 49.515016][ T5054] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 49.525699][ T5054] Remounting filesystem read-only [ 49.540742][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 49.549721][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 49.556425][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 49.563704][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.572654][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.581515][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.590614][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 49.597313][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 49.604572][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 49.611859][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 49.619182][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 49.626498][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 49.633436][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 49.640759][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.649630][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached [pid 5056] set_robust_list(0x555555b305e0, 24) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5056 [pid 5056] chdir("./18") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 49.658505][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5056] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5057], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5057 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5057] munmap(0x7f2aed789000, 1048576) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./file2", 0777) = 0 [pid 5057] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5057] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./file2") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] ftruncate(5, 33587199) = 0 [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5057] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] exit_group(0) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 49.719248][ T5057] loop0: detected capacity change from 0 to 2048 [ 49.731400][ T5058] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.748529][ T5057] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 49.758830][ T5057] Remounting filesystem read-only [ 49.796126][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 49.804985][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 49.811709][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 49.819111][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.827973][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.836839][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.845867][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 49.852521][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 49.859830][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 49.867150][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 49.874431][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 49.881773][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 49.888735][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5059 ./strace-static-x86_64: Process 5059 attached [pid 5059] set_robust_list(0x555555b305e0, 24) = 0 [pid 5059] chdir("./19") = 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5059] setpgid(0, 0) = 0 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5059] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5060], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5060 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5060] munmap(0x7f2aed789000, 1048576) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 49.896127][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.904968][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 49.913837][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [pid 5060] mkdir("./file2", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5060] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file2") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [pid 5060] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [pid 5060] ftruncate(5, 33587199) = 0 [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... futex resumed>) = 1 [pid 5060] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5060] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] exit_group(0) = ? [pid 5060] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 49.965157][ T5060] loop0: detected capacity change from 0 to 2048 [ 49.977355][ T5061] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 49.991162][ T5060] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 50.003256][ T5060] Remounting filesystem read-only unlink("./19/binderfs") = 0 [ 50.052620][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 50.061528][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 50.069015][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 50.076580][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.085404][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.094293][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.103264][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 50.109977][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 50.117304][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 50.124592][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 50.132069][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 50.139487][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5062 ./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x555555b305e0, 24) = 0 [pid 5062] chdir("./20") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5062] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5063 attached , parent_tid=[5063], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5063 [pid 5063] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5063] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5063] memfd_create("syzkaller", 0) = 3 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5063] munmap(0x7f2aed789000, 1048576) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.146461][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 50.153738][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.162611][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.171489][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./file2", 0777) = 0 [pid 5063] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./file2") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... open resumed>) = 5 [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] ftruncate(5, 33587199 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... ftruncate resumed>) = 0 [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [ 50.218065][ T5063] loop0: detected capacity change from 0 to 2048 [ 50.230631][ T5064] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 50.246736][ T27] kauditd_printk_skb: 30 callbacks suppressed [pid 5063] sendfile(4, 5, NULL, 281474978811908 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5063] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5062] exit_group(0) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 50.246746][ T27] audit: type=1800 audit(1687313634.758:42): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 50.267801][ T5063] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 50.273810][ T27] audit: type=1800 audit(1687313634.768:43): pid=5063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 50.284229][ T5063] Remounting filesystem read-only [ 50.322380][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 50.331251][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 50.338183][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 50.345458][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.354347][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.363223][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.372289][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 50.378997][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 50.386695][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 50.393954][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 50.401268][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 50.408645][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 50.415577][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5065 ./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555555b305e0, 24) = 0 [pid 5065] chdir("./21") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5065] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5066 attached , parent_tid=[5066], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5066 [pid 5066] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5066] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5066] memfd_create("syzkaller", 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5066] <... memfd_create resumed>) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5066] munmap(0x7f2aed789000, 1048576) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.422883][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.431754][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.440618][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file2", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file2") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [pid 5066] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [pid 5066] ftruncate(5, 33587199) = 0 [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 1 [ 50.476558][ T5066] loop0: detected capacity change from 0 to 2048 [ 50.488075][ T5067] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5066] sendfile(4, 5, NULL, 281474978811908 [pid 5065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5065] futex(0x7f2af5c837bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5065] <... mmap resumed>) = 0x7f2aed868000 [pid 5065] mprotect(0x7f2aed869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5065] clone(child_stack=0x7f2aed8883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5068 attached , parent_tid=[5068], tls=0x7f2aed888700, child_tidptr=0x7f2aed8889d0) = 5068 [pid 5065] futex(0x7f2af5c837b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] set_robust_list(0x7f2aed8889e0, 24 [pid 5065] futex(0x7f2af5c837bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... set_robust_list resumed>) = 0 [pid 5068] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5068] futex(0x7f2af5c837bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... futex resumed>) = 0 [pid 5066] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5065] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5065] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 1 [pid 5068] futex(0x7f2af5c837b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5066] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5065] <... futex resumed>) = 0 [pid 5065] exit_group(0) = ? [pid 5068] <... futex resumed>) = ? [pid 5066] +++ exited with 0 +++ [pid 5068] +++ exited with 0 +++ [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 50.509113][ T27] audit: type=1800 audit(1687313635.018:44): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 50.514917][ T5066] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 50.530040][ T27] audit: type=1800 audit(1687313635.018:45): pid=5066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 50.539950][ T5066] Remounting filesystem read-only [ 50.578940][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 50.587839][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 50.594489][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 50.601828][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.610709][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.619578][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.628555][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 50.635209][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 50.642517][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 50.649804][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 50.657095][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 50.664375][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 50.671316][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555555b305e0, 24) = 0 [pid 5069] chdir("./22") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5069] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5070 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5070] munmap(0x7f2aed789000, 1048576) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 50.678649][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.687521][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.696392][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file2", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5070] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file2") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] <... futex resumed>) = 0 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... open resumed>) = 5 [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 50.747043][ T5070] loop0: detected capacity change from 0 to 2048 [ 50.760183][ T5071] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 50.770151][ T27] audit: type=1800 audit(1687313635.268:46): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5070] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5070] ftruncate(5, 33587199) = 0 [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5070] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5069] <... futex resumed>) = 0 [pid 5070] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5070] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5069] exit_group(0) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 50.797307][ T27] audit: type=1800 audit(1687313635.308:47): pid=5070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 50.801513][ T5070] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 50.828512][ T5070] Remounting filesystem read-only [ 50.845533][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 50.854508][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 50.861280][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 50.868574][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.877448][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.886306][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.895219][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 50.901913][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 50.909202][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 50.916629][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 50.923996][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 50.931314][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 50.938537][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555555b305e0, 24) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5072 [pid 5072] chdir("./23") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5072] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5073 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 50.945848][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.954701][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 50.963615][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5073] munmap(0x7f2aed789000, 1048576) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file2", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file2") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [ 51.017180][ T5073] loop0: detected capacity change from 0 to 2048 [ 51.029547][ T5074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.045648][ T27] audit: type=1800 audit(1687313635.548:48): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5073] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] ftruncate(5, 33587199) = 0 [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5072] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 51.059048][ T5073] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 51.076613][ T27] audit: type=1800 audit(1687313635.568:49): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 51.076796][ T5073] Remounting filesystem read-only [ 51.113977][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 51.123022][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 51.129856][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 51.137188][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.146046][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.154868][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.163897][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 51.171044][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 51.178383][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 51.185726][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 51.193013][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 51.200345][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 51.207328][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x555555b305e0, 24) = 0 [pid 5075] chdir("./24") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5075 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [ 51.214614][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.223509][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.232369][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5075] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5076 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5076] munmap(0x7f2aed789000, 1048576) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file2", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5076] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file2") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] ftruncate(5, 33587199) = 0 [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [ 51.296054][ T5076] loop0: detected capacity change from 0 to 2048 [ 51.307164][ T5077] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.312722][ T5076] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5076] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5076] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5075] <... futex resumed>) = 0 [pid 5076] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5075] <... futex resumed>) = 0 [pid 5076] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5075] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5075] <... futex resumed>) = 0 [pid 5076] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5075] exit_group(0) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 51.327502][ T27] audit: type=1800 audit(1687313635.818:50): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 51.349066][ T5076] Remounting filesystem read-only [ 51.354310][ T27] audit: type=1800 audit(1687313635.818:51): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 51.406081][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 51.414929][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 51.421647][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 51.429270][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.438137][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.447003][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.456044][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 51.462729][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 51.470065][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 51.477360][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 51.484621][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 51.491931][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 51.498880][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555555b305e0, 24) = 0 [pid 5078] chdir("./25") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5078] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5079] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... clone resumed>, parent_tid=[5079], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5079 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5079] munmap(0x7f2aed789000, 1048576) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.506183][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.515024][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.523887][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file2", 0777) = 0 [pid 5079] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5079] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file2") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] ftruncate(5, 33587199 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... ftruncate resumed>) = 0 [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] sendfile(4, 5, NULL, 281474978811908 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5079] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 51.577535][ T5079] loop0: detected capacity change from 0 to 2048 [ 51.589596][ T5080] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.612374][ T5079] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 51.622771][ T5079] Remounting filesystem read-only getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 51.640788][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 51.649882][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 51.656617][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 51.663906][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.672785][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.681641][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.690678][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 51.697403][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 51.704674][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 51.712170][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 51.719550][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 51.726870][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 51.733784][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x555555b305e0, 24) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5081 [pid 5081] chdir("./26") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5081] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5082 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5082] munmap(0x7f2aed789000, 1048576) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.741079][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.749931][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.758874][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file2", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file2") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] ftruncate(5, 33587199) = 0 [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 0 [pid 5082] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5082] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 51.810117][ T5082] loop0: detected capacity change from 0 to 2048 [ 51.821985][ T5083] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 51.836603][ T5082] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 51.847051][ T5082] Remounting filesystem read-only [ 51.864909][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 51.873780][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 51.880592][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 51.888068][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.896920][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.905784][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.914695][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 51.921401][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 51.928713][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 51.936094][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 51.943382][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 51.950711][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 51.957664][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555555b305e0, 24) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5084 [pid 5084] chdir("./27") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5084] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5085 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5085] munmap(0x7f2aed789000, 1048576) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 51.964936][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.973841][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 51.982717][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file2", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file2") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] ftruncate(5, 33587199) = 0 [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5085] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = 0 [pid 5084] exit_group(0) = ? [pid 5085] <... futex resumed>) = ? [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 52.038431][ T5085] loop0: detected capacity change from 0 to 2048 [ 52.050630][ T5086] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.062187][ T5085] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 52.073269][ T5085] Remounting filesystem read-only [ 52.087319][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 52.096207][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 52.102864][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 52.110168][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.119040][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.127900][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.136873][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 52.143527][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 52.150820][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 52.158112][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 52.165368][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 52.172675][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 52.179643][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x555555b305e0, 24) = 0 [pid 5087] chdir("./28") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5087] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5088 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 52.186953][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.195828][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.204687][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5088] munmap(0x7f2aed789000, 1048576) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file2", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5088] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file2") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] ftruncate(5, 33587199) = 0 [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... futex resumed>) = 1 [pid 5088] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5088] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 52.255313][ T5088] loop0: detected capacity change from 0 to 2048 [ 52.268523][ T5089] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.281570][ T5088] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 52.291732][ T5088] Remounting filesystem read-only [ 52.309968][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 52.318965][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 52.325621][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 52.333036][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.341938][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.350807][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.359785][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 52.366598][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 52.373892][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 52.381188][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 52.388479][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 52.395791][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 52.402721][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x555555b305e0, 24) = 0 [pid 5090] chdir("./29") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5090] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5091], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5091 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5091 attached [pid 5091] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f2aed789000, 1048576) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.410014][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.418893][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.427779][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file2", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5091] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file2") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] ftruncate(5, 33587199) = 0 [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5091] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] exit_group(0) = ? [pid 5091] <... futex resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 52.476065][ T5091] loop0: detected capacity change from 0 to 2048 [ 52.487564][ T5092] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.507905][ T5091] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 52.518243][ T5091] Remounting filesystem read-only [ 52.534516][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 52.543429][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 52.550175][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 52.557590][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.566550][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.575491][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.584704][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 52.591421][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 52.598716][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 52.606016][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 52.613292][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 52.620601][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 52.627568][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x555555b305e0, 24) = 0 [pid 5093] chdir("./30") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5093] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5094] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] <... clone resumed>, parent_tid=[5094], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5094 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] memfd_create("syzkaller", 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] <... memfd_create resumed>) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5094] munmap(0x7f2aed789000, 1048576) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.634825][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.643778][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.652729][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file2", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file2") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... open resumed>) = 5 [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] ftruncate(5, 33587199) = 0 [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 1 [pid 5094] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5094] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 52.696698][ T5094] loop0: detected capacity change from 0 to 2048 [ 52.708711][ T5095] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.731466][ T5094] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 52.741529][ T5094] Remounting filesystem read-only [ 52.755411][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 52.764581][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 52.771328][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 52.778658][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.787540][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.796430][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.805364][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 52.812059][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 52.819349][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 52.826641][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 52.833918][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 52.841218][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 52.848275][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x555555b305e0, 24) = 0 [pid 5096] chdir("./31") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5096 [pid 5096] <... openat resumed>) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5096] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5097 [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5097] munmap(0x7f2aed789000, 1048576) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 52.855542][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.864456][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 52.873316][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file2", 0777) = 0 [pid 5097] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5097] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file2") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5097] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 4 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 5 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] ftruncate(5, 33587199) = 0 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] sendfile(4, 5, NULL, 281474978811908 [ 52.928231][ T5097] loop0: detected capacity change from 0 to 2048 [ 52.941632][ T5098] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 52.967117][ T5097] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5096] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5097] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0) = ? [pid 5097] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 52.977161][ T5097] Remounting filesystem read-only [ 52.996149][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 53.004997][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 53.011865][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 53.019351][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.028257][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.037327][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.046374][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 53.053029][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 53.060346][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 53.067771][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x555555b305d0) = 5099 [pid 5099] set_robust_list(0x555555b305e0, 24) = 0 [pid 5099] chdir("./32") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5099] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5100 attached [ 53.075033][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 53.082339][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 53.089385][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 53.096680][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.105605][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.114475][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5100] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5100] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... clone resumed>, parent_tid=[5100], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5100 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5100] munmap(0x7f2aed789000, 1048576) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file2", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5100] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file2") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5100] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... open resumed>) = 4 [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] ftruncate(5, 33587199) = 0 [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.171054][ T5100] loop0: detected capacity change from 0 to 2048 [ 53.182962][ T5101] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.209169][ T5100] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5100] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 0 [pid 5100] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5100] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] exit_group(0) = ? [pid 5100] <... futex resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 53.219160][ T5100] Remounting filesystem read-only [ 53.266256][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 53.275106][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 53.281815][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 53.289161][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.298046][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.306978][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.315991][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 53.322650][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 53.329950][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 53.337241][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 53.344499][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 53.351795][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 53.358763][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x555555b305e0, 24) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5102 [pid 5102] chdir("./33") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5102] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5103 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5103 attached [pid 5103] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5103] munmap(0x7f2aed789000, 1048576) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.366055][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.374895][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.383749][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file2", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5103] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file2") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] ftruncate(5, 33587199) = 0 [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 1 [pid 5103] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5103] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = 0 [pid 5102] exit_group(0) = ? [pid 5103] <... futex resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 53.440514][ T5103] loop0: detected capacity change from 0 to 2048 [ 53.453186][ T5104] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.467448][ T5103] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 53.477667][ T5103] Remounting filesystem read-only [ 53.516223][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 53.525074][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 53.531795][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 53.539329][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.548216][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.557100][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.566138][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 53.572796][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 53.580292][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 53.587697][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 53.594973][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 53.602272][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 53.609232][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x555555b305e0, 24) = 0 [pid 5105] chdir("./34") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5105] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5106], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5106 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5106 attached [pid 5106] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f2aed789000, 1048576) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.616527][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.625369][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.634243][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file2", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5106] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file2") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 5 [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] ftruncate(5, 33587199 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... ftruncate resumed>) = 0 [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] sendfile(4, 5, NULL, 281474978811908 [ 53.677279][ T5106] loop0: detected capacity change from 0 to 2048 [ 53.689319][ T5107] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.714435][ T5106] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5106] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5105] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5106] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] exit_group(0) = ? [pid 5106] <... futex resumed>) = ? [pid 5106] +++ exited with 0 +++ [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 53.726408][ T5106] Remounting filesystem read-only [ 53.776281][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 53.785155][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 53.791900][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 53.799356][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.808252][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.817114][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.826185][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 53.832842][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 53.840147][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 53.847459][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 53.854801][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 53.862181][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 53.869203][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x555555b305e0, 24) = 0 [pid 5108] chdir("./35") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5108] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5109], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5109 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5109] munmap(0x7f2aed789000, 1048576) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 53.876531][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.885392][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 53.894321][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file2", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file2") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... open resumed>) = 5 [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] ftruncate(5, 33587199 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... ftruncate resumed>) = 0 [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] sendfile(4, 5, NULL, 281474978811908 [ 53.936289][ T5109] loop0: detected capacity change from 0 to 2048 [ 53.948163][ T5110] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 53.974462][ T5109] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5109] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] exit_group(0) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 53.987334][ T5109] Remounting filesystem read-only [ 54.005104][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 54.014077][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 54.021098][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 54.028837][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.037748][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.046796][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.055957][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 54.062617][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 54.069964][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 54.077295][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x555555b305e0, 24) = 0 [pid 5111] chdir("./36") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5111] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5112], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 54.084561][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 54.091885][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 54.098846][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 54.106174][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.115023][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.123912][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5112] munmap(0x7f2aed789000, 1048576) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file2", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file2") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5112] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5112] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5112] ftruncate(5, 33587199) = 0 [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] <... futex resumed>) = 1 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5112] sendfile(4, 5, NULL, 281474978811908 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 0 [pid 5112] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5112] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] exit_group(0) = ? [pid 5112] <... futex resumed>) = ? [pid 5112] +++ exited with 0 +++ [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 54.173424][ T5112] loop0: detected capacity change from 0 to 2048 [ 54.186049][ T5113] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 54.206316][ T5112] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 54.216293][ T5112] Remounting filesystem read-only [ 54.236159][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 54.245011][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 54.251967][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 54.259523][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.268618][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.277505][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.286618][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 54.293275][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 54.300584][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 54.307964][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 54.315244][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 54.322587][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 54.329563][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5114 ./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x555555b305e0, 24) = 0 [pid 5114] chdir("./37") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5114] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5115 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5115] munmap(0x7f2aed789000, 1048576) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.336866][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.345744][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.354591][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file2", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file2") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] ftruncate(5, 33587199) = 0 [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = 1 [pid 5115] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5115] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5114] exit_group(0) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 54.410707][ T5115] loop0: detected capacity change from 0 to 2048 [ 54.423218][ T5116] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 54.439115][ T5115] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 54.449964][ T5115] Remounting filesystem read-only [ 54.472872][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 54.481907][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 54.488627][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 54.495992][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.504834][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.513697][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.522778][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 54.529471][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 54.536801][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 54.544098][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 54.551414][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 54.558743][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 54.565719][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x555555b305e0, 24) = 0 [pid 5117] chdir("./38") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5117] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5118 [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5118] munmap(0x7f2aed789000, 1048576) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 54.572998][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.581857][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.590735][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file2", 0777) = 0 [pid 5118] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5118] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file2") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5118] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 1 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5117] <... futex resumed>) = 1 [pid 5118] <... open resumed>) = 5 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] ftruncate(5, 33587199) = 0 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5118] sendfile(4, 5, NULL, 281474978811908 [ 54.633311][ T5118] loop0: detected capacity change from 0 to 2048 [ 54.646598][ T5119] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 54.672242][ T5118] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5118] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5117] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5117] <... futex resumed>) = 0 [pid 5118] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5118] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] exit_group(0 [pid 5118] <... futex resumed>) = ? [pid 5117] <... exit_group resumed>) = ? [pid 5118] +++ exited with 0 +++ [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 [ 54.682484][ T5118] Remounting filesystem read-only [ 54.695864][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 54.704720][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 54.711641][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 54.718943][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.727829][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.736688][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.745632][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 54.752369][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 54.759677][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 54.766999][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 54.774303][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5120 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x555555b305e0, 24) = 0 [pid 5120] chdir("./39") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5120] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5121 attached [pid 5121] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5120] <... clone resumed>, parent_tid=[5121], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5121 [pid 5121] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] memfd_create("syzkaller", 0) = 3 [pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 54.781605][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 54.788587][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 54.795894][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.804745][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.813639][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5121] munmap(0x7f2aed789000, 1048576) = 0 [pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5121] close(3) = 0 [pid 5121] mkdir("./file2", 0777) = 0 [pid 5121] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5121] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5121] chdir("./file2") = 0 [pid 5121] ioctl(4, LOOP_CLR_FD) = 0 [pid 5121] close(4) = 0 [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] ftruncate(5, 33587199) = 0 [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.870605][ T5121] loop0: detected capacity change from 0 to 2048 [ 54.882686][ T5122] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5121] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5121] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] exit_group(0) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 [ 54.912131][ T5121] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 54.922186][ T5121] Remounting filesystem read-only [ 54.937301][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 54.946278][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 54.953856][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 54.961256][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.970267][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.979165][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 54.988260][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 54.994921][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 55.002226][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 55.009556][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 55.016871][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 55.024159][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 55.031130][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 55.038467][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.047356][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 55.056223][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 rmdir("./39/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x555555b305e0, 24) = 0 [pid 5123] chdir("./40") = 0 [pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5123] setpgid(0, 0) = 0 [pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5123] write(3, "1000", 4) = 4 [pid 5123] close(3) = 0 [pid 5123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5123] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5123] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5124 attached , parent_tid=[5124], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5124 [pid 5124] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5124] munmap(0x7f2aed789000, 1048576) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] mkdir("./file2", 0777) = 0 [pid 5124] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5124] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file2") = 0 [pid 5124] ioctl(4, LOOP_CLR_FD) = 0 [pid 5124] close(4) = 0 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... open resumed>) = 4 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... open resumed>) = 5 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] ftruncate(5, 33587199 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... ftruncate resumed>) = 0 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5124] sendfile(4, 5, NULL, 281474978811908 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] <... futex resumed>) = 0 [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5124] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] <... futex resumed>) = 0 [pid 5124] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5123] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5123] <... futex resumed>) = 0 [pid 5124] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5123] exit_group(0 [pid 5124] <... futex resumed>) = ? [pid 5123] <... exit_group resumed>) = ? [pid 5124] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 55.141570][ T5124] loop0: detected capacity change from 0 to 2048 [ 55.153849][ T5125] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 55.168268][ T5124] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 55.178286][ T5124] Remounting filesystem read-only [ 55.193949][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 55.202961][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 55.209654][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 55.216953][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.225829][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.234670][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.243681][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 55.250815][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 55.258126][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 55.265404][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 55.272701][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 55.280038][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 55.287023][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5126 ./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x555555b305e0, 24) = 0 [pid 5126] chdir("./41") = 0 [pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5126] setpgid(0, 0) = 0 [pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5126] write(3, "1000", 4) = 4 [pid 5126] close(3) = 0 [pid 5126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5126] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5126] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5127], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5127 [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5127 attached [pid 5127] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5127] munmap(0x7f2aed789000, 1048576) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.294312][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.303382][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.312251][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] mkdir("./file2", 0777) = 0 [pid 5127] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5127] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file2") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5126] <... futex resumed>) = 1 [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5127] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = 1 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5127] ftruncate(5, 33587199) = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [ 55.353015][ T5127] loop0: detected capacity change from 0 to 2048 [ 55.365442][ T5128] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 55.382241][ T27] kauditd_printk_skb: 32 callbacks suppressed [pid 5127] sendfile(4, 5, NULL, 281474978811908 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5127] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5126] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ [pid 5126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 55.382251][ T27] audit: type=1800 audit(1687313639.888:84): pid=5127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 55.400375][ T5127] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 55.419284][ T27] audit: type=1800 audit(1687313639.898:85): pid=5127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 55.419859][ T5127] Remounting filesystem read-only [ 55.458165][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 55.467093][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 55.473755][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 55.481070][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.490060][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.498949][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.508152][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 55.514810][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 55.522324][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 55.529693][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 55.537002][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 55.544425][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 55.551427][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x555555b305d0) = 5129 [pid 5129] set_robust_list(0x555555b305e0, 24) = 0 [pid 5129] chdir("./42") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5129] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7f2af5ba99e0, 24 [pid 5129] <... clone resumed>, parent_tid=[5130], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5130 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5130] munmap(0x7f2aed789000, 1048576) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.558757][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.567684][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.576551][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file2", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5130] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file2") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] ftruncate(5, 33587199) = 0 [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [ 55.628388][ T5130] loop0: detected capacity change from 0 to 2048 [ 55.641074][ T5131] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 55.644212][ T27] audit: type=1800 audit(1687313640.148:86): pid=5130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5130] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5130] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] exit_group(0) = ? [pid 5130] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 55.678024][ T5130] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 55.688345][ T5130] Remounting filesystem read-only [ 55.699022][ T27] audit: type=1800 audit(1687313640.178:87): pid=5130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 55.722394][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 55.731335][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 55.738134][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 55.745406][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.754572][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.763449][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.772437][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 55.779112][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 55.786405][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 55.793676][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 55.800967][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 55.808263][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 55.815172][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x555555b305e0, 24) = 0 [pid 5132] chdir("./43") = 0 [pid 5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5132] setpgid(0, 0) = 0 [pid 5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5132] write(3, "1000", 4) = 4 [pid 5132] close(3) = 0 [pid 5132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5132] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5133 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5133] munmap(0x7f2aed789000, 1048576) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.822460][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.831319][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 55.840200][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] mkdir("./file2", 0777) = 0 [pid 5133] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5133] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file2") = 0 [pid 5133] ioctl(4, LOOP_CLR_FD) = 0 [pid 5133] close(4) = 0 [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5132] <... futex resumed>) = 1 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... open resumed>) = 4 [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5133] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [pid 5133] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5132] <... futex resumed>) = 1 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... open resumed>) = 5 [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] ftruncate(5, 33587199) = 0 [pid 5132] <... futex resumed>) = 0 [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... futex resumed>) = 0 [ 55.882142][ T5133] loop0: detected capacity change from 0 to 2048 [ 55.897516][ T5134] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5132] <... futex resumed>) = 1 [pid 5133] sendfile(4, 5, NULL, 281474978811908 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5132] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5133] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5132] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 [ 55.912183][ T27] audit: type=1800 audit(1687313640.418:88): pid=5133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 55.931911][ T5133] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 55.933489][ T27] audit: type=1800 audit(1687313640.428:89): pid=5133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 55.943442][ T5133] Remounting filesystem read-only [ 55.981579][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 55.990902][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 55.997730][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 56.005007][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.013887][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.022754][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.031801][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 56.038524][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 56.046137][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 56.053397][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 56.060710][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 56.068011][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 56.074918][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5135 ./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x555555b305e0, 24) = 0 [pid 5135] chdir("./44") = 0 [pid 5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5135] setpgid(0, 0) = 0 [pid 5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5135] write(3, "1000", 4) = 4 [pid 5135] close(3) = 0 [pid 5135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5135] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5135] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5136], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5136 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5136 attached [pid 5136] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5136] munmap(0x7f2aed789000, 1048576) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.082221][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.091109][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.100000][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] mkdir("./file2", 0777) = 0 [pid 5136] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5136] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file2") = 0 [pid 5136] ioctl(4, LOOP_CLR_FD) = 0 [pid 5136] close(4) = 0 [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5136] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 0 [pid 5136] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] ftruncate(5, 33587199) = 0 [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [ 56.154218][ T5136] loop0: detected capacity change from 0 to 2048 [ 56.166440][ T5137] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.174359][ T27] audit: type=1800 audit(1687313640.678:90): pid=5136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5136] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] <... futex resumed>) = 1 [pid 5136] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5136] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5135] exit_group(0) = ? [pid 5136] <... futex resumed>) = ? [pid 5136] +++ exited with 0 +++ [pid 5135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 [ 56.197933][ T27] audit: type=1800 audit(1687313640.698:91): pid=5136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 56.202268][ T5136] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 56.229220][ T5136] Remounting filesystem read-only [ 56.266203][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 56.275091][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 56.282075][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 56.289501][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.298401][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.307259][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.316283][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 56.323025][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 56.330409][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 56.337745][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 56.345027][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 56.352399][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 56.359399][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached , child_tidptr=0x555555b305d0) = 5138 [pid 5138] set_robust_list(0x555555b305e0, 24) = 0 [pid 5138] chdir("./45") = 0 [pid 5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5138] setpgid(0, 0) = 0 [pid 5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5138] write(3, "1000", 4) = 4 [pid 5138] close(3) = 0 [pid 5138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5138] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5138] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5139], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5139 ./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5139] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5139] munmap(0x7f2aed789000, 1048576) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.366714][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.375557][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.384442][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] mkdir("./file2", 0777) = 0 [pid 5139] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5139] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file2") = 0 [pid 5139] ioctl(4, LOOP_CLR_FD) = 0 [pid 5139] close(4) = 0 [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = 4 [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [ 56.446983][ T5139] loop0: detected capacity change from 0 to 2048 [ 56.459105][ T5140] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5139] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5139] ftruncate(5, 33587199) = 0 [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... futex resumed>) = 1 [pid 5139] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5138] <... futex resumed>) = 0 [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5139] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5138] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5138] <... futex resumed>) = 0 [pid 5139] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5138] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5139] <... futex resumed>) = 1 [pid 5139] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5138] exit_group(0 [pid 5139] <... futex resumed>) = ? [pid 5138] <... exit_group resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 56.478970][ T27] audit: type=1800 audit(1687313640.988:92): pid=5139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 56.499918][ T27] audit: type=1800 audit(1687313641.008:93): pid=5139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 56.504173][ T5139] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 56.531139][ T5139] Remounting filesystem read-only [ 56.550445][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 56.559416][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 56.566113][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 56.573484][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.582376][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.591269][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.600315][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 56.607233][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 56.614497][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 56.621806][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 56.629098][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 56.636408][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 56.643340][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5141 ./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x555555b305e0, 24) = 0 [pid 5141] chdir("./46") = 0 [pid 5141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5141] setpgid(0, 0) = 0 [pid 5141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5141] write(3, "1000", 4) = 4 [pid 5141] close(3) = 0 [pid 5141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5141] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5142], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5142 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5142 attached [pid 5142] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5142] munmap(0x7f2aed789000, 1048576) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.650647][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.659511][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.668368][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] mkdir("./file2", 0777) = 0 [pid 5142] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5142] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file2") = 0 [pid 5142] ioctl(4, LOOP_CLR_FD) = 0 [pid 5142] close(4) = 0 [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] ftruncate(5, 33587199) = 0 [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5142] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5142] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 0 [pid 5142] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5141] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... futex resumed>) = 1 [pid 5142] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5142] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5141] exit_group(0) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5141, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 56.724778][ T5142] loop0: detected capacity change from 0 to 2048 [ 56.736957][ T5143] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.752110][ T5142] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 56.763078][ T5142] Remounting filesystem read-only [ 56.780896][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 56.789822][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 56.796554][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 56.803841][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.812709][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.821815][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.830834][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 56.837540][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 56.844825][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 56.852205][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 56.859545][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 56.866865][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 56.873809][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x555555b305e0, 24) = 0 [pid 5144] chdir("./47") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5144] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5145 attached , parent_tid=[5145], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5145 [pid 5145] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5145] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5145] munmap(0x7f2aed789000, 1048576) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 56.881110][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.889986][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 56.898845][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file2", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5145] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file2") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... futex resumed>) = 0 [pid 5145] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] ftruncate(5, 33587199) = 0 [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5145] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] exit_group(0 [pid 5145] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... exit_group resumed>) = ? [pid 5145] <... futex resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 [ 56.950058][ T5145] loop0: detected capacity change from 0 to 2048 [ 56.962049][ T5146] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 56.984330][ T5145] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 56.994478][ T5145] Remounting filesystem read-only [ 57.013195][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 57.022278][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 57.028979][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 57.036289][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.045119][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.054061][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.063095][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 57.070153][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 57.077585][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 57.084886][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 57.092213][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 57.099653][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 57.106621][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5147 ./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x555555b305e0, 24) = 0 [pid 5147] chdir("./48") = 0 [pid 5147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5147] setpgid(0, 0) = 0 [pid 5147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5147] write(3, "1000", 4) = 4 [pid 5147] close(3) = 0 [pid 5147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5147] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5147] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5148 attached , parent_tid=[5148], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5148 [pid 5148] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5148] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5148] munmap(0x7f2aed789000, 1048576) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.113907][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.122783][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.131654][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] mkdir("./file2", 0777) = 0 [pid 5148] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5148] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./file2") = 0 [pid 5148] ioctl(4, LOOP_CLR_FD) = 0 [pid 5148] close(4) = 0 [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5148] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 4 [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5148] <... futex resumed>) = 0 [pid 5148] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... open resumed>) = 5 [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] ftruncate(5, 33587199) = 0 [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.190603][ T5148] loop0: detected capacity change from 0 to 2048 [ 57.203086][ T5149] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.225982][ T5148] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5148] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5147] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] <... futex resumed>) = 1 [pid 5148] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5148] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5147] exit_group(0) = ? [pid 5148] <... futex resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5147, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 57.236184][ T5148] Remounting filesystem read-only [ 57.263064][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 57.271970][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 57.278728][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 57.286024][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.294935][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.303808][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.312757][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 57.319464][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 57.326780][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 57.334038][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 57.341363][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 57.348715][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 57.355716][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x555555b305e0, 24) = 0 [pid 5150] chdir("./49") = 0 [pid 5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5150] setpgid(0, 0) = 0 [pid 5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5150] write(3, "1000", 4) = 4 [pid 5150] close(3) = 0 [pid 5150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5150] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5150] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5151] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... clone resumed>, parent_tid=[5151], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5151 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5151] munmap(0x7f2aed789000, 1048576) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.362993][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.371855][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.380724][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] mkdir("./file2", 0777) = 0 [pid 5151] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5151] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file2") = 0 [pid 5151] ioctl(4, LOOP_CLR_FD) = 0 [pid 5151] close(4) = 0 [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 0 [pid 5151] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] ftruncate(5, 33587199) = 0 [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.438691][ T5151] loop0: detected capacity change from 0 to 2048 [ 57.449785][ T5152] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.477767][ T5151] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5151] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 1 [pid 5151] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5150] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5150] exit_group(0 [pid 5151] <... futex resumed>) = ? [pid 5150] <... exit_group resumed>) = ? [pid 5151] +++ exited with 0 +++ [pid 5150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5150, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 [ 57.487811][ T5151] Remounting filesystem read-only [ 57.526269][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 57.535166][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 57.541968][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 57.549303][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.558278][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.567238][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.576542][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 57.583212][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 57.590777][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 57.598134][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 57.605415][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 57.612725][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 57.619683][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5153 ./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x555555b305e0, 24) = 0 [pid 5153] chdir("./50") = 0 [pid 5153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5153] setpgid(0, 0) = 0 [pid 5153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5153] write(3, "1000", 4) = 4 [pid 5153] close(3) = 0 [pid 5153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5153] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5154 attached [pid 5154] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5154] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... clone resumed>, parent_tid=[5154], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5154 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5154] munmap(0x7f2aed789000, 1048576) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.626992][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.635877][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.644702][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] mkdir("./file2", 0777) = 0 [pid 5154] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5154] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file2") = 0 [pid 5154] ioctl(4, LOOP_CLR_FD) = 0 [pid 5154] close(4) = 0 [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... futex resumed>) = 0 [pid 5154] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5154] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... open resumed>) = 5 [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5154] ftruncate(5, 33587199 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... ftruncate resumed>) = 0 [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5154] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5154] sendfile(4, 5, NULL, 281474978811908 [ 57.691570][ T5154] loop0: detected capacity change from 0 to 2048 [ 57.703978][ T5155] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.730281][ T5154] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5154] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5153] exit_group(0) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5153, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 57.740356][ T5154] Remounting filesystem read-only [ 57.786194][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 57.795055][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 57.801867][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 57.809473][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.818382][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.827289][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.836321][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 57.842977][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 57.850275][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 57.857579][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 57.864839][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 57.872140][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 57.879094][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5156 ./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x555555b305e0, 24) = 0 [pid 5156] chdir("./51") = 0 [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5156] setpgid(0, 0) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5156] write(3, "1000", 4) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5156] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5156] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5157], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5157 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5157 attached [pid 5157] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5157] munmap(0x7f2aed789000, 1048576) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 57.886422][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.895350][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.904227][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] mkdir("./file2", 0777) = 0 [pid 5157] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5157] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file2") = 0 [pid 5157] ioctl(4, LOOP_CLR_FD) = 0 [pid 5157] close(4) = 0 [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 0 [pid 5157] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... futex resumed>) = 0 [pid 5157] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] ftruncate(5, 33587199) = 0 [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.949250][ T5157] loop0: detected capacity change from 0 to 2048 [ 57.961008][ T5158] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.984582][ T5157] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5157] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5157] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5156] exit_group(0) = ? [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 57.994785][ T5157] Remounting filesystem read-only [ 58.036112][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 58.044970][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 58.051757][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 58.059157][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.068120][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.077031][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.086178][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 58.092837][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 58.100146][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 58.107443][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 58.114697][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 58.122007][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 58.128954][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x555555b305e0, 24) = 0 [pid 5159] chdir("./52") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5159] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5160 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5160] munmap(0x7f2aed789000, 1048576) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.136262][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.145104][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.154047][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file2", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5160] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file2") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] ftruncate(5, 33587199) = 0 [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.198191][ T5160] loop0: detected capacity change from 0 to 2048 [ 58.209944][ T5161] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5160] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5160] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] exit_group(0) = ? [pid 5160] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5159, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 [ 58.238491][ T5160] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 58.248625][ T5160] Remounting filesystem read-only [ 58.296225][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 58.305081][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 58.311807][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 58.319312][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.328211][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.337248][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.346317][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 58.353001][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 58.360307][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 58.367604][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 58.374861][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 58.382164][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 58.389113][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5162 ./strace-static-x86_64: Process 5162 attached [pid 5162] set_robust_list(0x555555b305e0, 24) = 0 [pid 5162] chdir("./53") = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5162] write(3, "1000", 4) = 4 [pid 5162] close(3) = 0 [pid 5162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5162] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5162] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5163 attached [pid 5163] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5163] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] <... clone resumed>, parent_tid=[5163], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5163 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5163] munmap(0x7f2aed789000, 1048576) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.396406][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.405247][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.414143][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] mkdir("./file2", 0777) = 0 [pid 5163] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5163] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5163] chdir("./file2") = 0 [pid 5163] ioctl(4, LOOP_CLR_FD) = 0 [pid 5163] close(4) = 0 [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 1 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = 1 [pid 5163] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] ftruncate(5, 33587199) = 0 [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 58.462857][ T5163] loop0: detected capacity change from 0 to 2048 [ 58.475331][ T5164] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5163] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5163] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... futex resumed>) = 0 [pid 5162] exit_group(0) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 [ 58.505044][ T5163] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 58.515098][ T5163] Remounting filesystem read-only [ 58.536278][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 58.545153][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 58.551910][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 58.559250][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.568171][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.577063][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.586156][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 58.592855][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 58.600184][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 58.607494][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 58.614762][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 58.622097][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 58.629065][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 58.636426][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.645281][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5165 ./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x555555b305e0, 24) = 0 [pid 5165] chdir("./54") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5165] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5165] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5166], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5166 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5166] munmap(0x7f2aed789000, 1048576) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file2", 0777) = 0 [ 58.654171][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.694982][ T5166] loop0: detected capacity change from 0 to 2048 [pid 5166] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5166] chdir("./file2") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5166] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] ftruncate(5, 33587199) = 0 [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... futex resumed>) = 1 [pid 5166] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5166] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5165] exit_group(0) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 [ 58.707463][ T5167] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.740908][ T5166] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 58.751182][ T5166] Remounting filesystem read-only [ 58.776314][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 58.785195][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 58.792080][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 58.799442][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.808460][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.817383][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.826423][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 58.833081][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 58.840426][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 58.847737][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 58.855000][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 58.862400][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 58.869551][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5168 ./strace-static-x86_64: Process 5168 attached [pid 5168] set_robust_list(0x555555b305e0, 24) = 0 [pid 5168] chdir("./55") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5168] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5168] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5169 attached , parent_tid=[5169], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5169 [pid 5169] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5169] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] memfd_create("syzkaller", 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5169] <... memfd_create resumed>) = 3 [pid 5169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5169] munmap(0x7f2aed789000, 1048576) = 0 [pid 5169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.876871][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.885757][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.894585][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5169] close(3) = 0 [pid 5169] mkdir("./file2", 0777) = 0 [pid 5169] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5169] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5169] chdir("./file2") = 0 [pid 5169] ioctl(4, LOOP_CLR_FD) = 0 [pid 5169] close(4) = 0 [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] ftruncate(5, 33587199) = 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5169] sendfile(4, 5, NULL, 281474978811908 [ 58.953075][ T5169] loop0: detected capacity change from 0 to 2048 [ 58.965357][ T5170] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 58.989278][ T5169] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5169] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5168] exit_group(0) = ? [pid 5169] +++ exited with 0 +++ [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 [ 58.999468][ T5169] Remounting filesystem read-only [ 59.046600][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 59.055510][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 59.062279][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 59.069686][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.078854][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.087848][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.096941][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 59.103614][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 59.110925][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 59.118228][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 59.125486][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 59.132787][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 59.139738][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x555555b305e0, 24) = 0 [pid 5171] chdir("./56") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5171] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5171] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5172], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5172 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5172 attached [pid 5172] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5172] memfd_create("syzkaller", 0) = 3 [pid 5172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5172] munmap(0x7f2aed789000, 1048576) = 0 [pid 5172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.147041][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.155914][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.164733][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5172] close(3) = 0 [pid 5172] mkdir("./file2", 0777) = 0 [pid 5172] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5172] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5172] chdir("./file2") = 0 [pid 5172] ioctl(4, LOOP_CLR_FD) = 0 [pid 5172] close(4) = 0 [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] <... open resumed>) = 5 [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] ftruncate(5, 33587199 [pid 5171] <... futex resumed>) = 0 [pid 5172] <... ftruncate resumed>) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 59.217592][ T5172] loop0: detected capacity change from 0 to 2048 [ 59.230175][ T5173] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.253509][ T5172] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5172] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5172] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5171] exit_group(0) = ? [pid 5172] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 59.263771][ T5172] Remounting filesystem read-only [ 59.286208][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 59.295056][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 59.301836][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 59.309220][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.318304][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.327353][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.336392][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 59.343045][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 59.350337][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 59.357639][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5174 ./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x555555b305e0, 24) = 0 [pid 5174] chdir("./57") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5174] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5174] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5175 attached , parent_tid=[5175], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5175 [pid 5175] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5175] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5175] memfd_create("syzkaller", 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5175] <... memfd_create resumed>) = 3 [pid 5175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 59.364908][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 59.372213][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 59.379167][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 59.386469][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.395310][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.404178][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5175] munmap(0x7f2aed789000, 1048576) = 0 [pid 5175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5175] close(3) = 0 [pid 5175] mkdir("./file2", 0777) = 0 [pid 5175] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5175] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5175] chdir("./file2") = 0 [pid 5175] ioctl(4, LOOP_CLR_FD) = 0 [pid 5175] close(4) = 0 [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... open resumed>) = 5 [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5175] ftruncate(5, 33587199 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... ftruncate resumed>) = 0 [pid 5174] <... futex resumed>) = 0 [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... futex resumed>) = 0 [pid 5174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] sendfile(4, 5, NULL, 281474978811908 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.454469][ T5175] loop0: detected capacity change from 0 to 2048 [ 59.467884][ T5176] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.492777][ T5175] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5175] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5174] exit_group(0) = ? [pid 5175] +++ exited with 0 +++ [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 59.502850][ T5175] Remounting filesystem read-only [ 59.526306][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 59.535154][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 59.542161][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 59.549537][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.558476][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.567338][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.576392][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 59.583068][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 59.590359][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 59.597676][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 59.604959][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 59.612252][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 59.619199][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5177 ./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x555555b305e0, 24) = 0 [pid 5177] chdir("./58") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5177] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5177] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x7f2af5ba99e0, 24 [pid 5177] <... clone resumed>, parent_tid=[5178], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5178 [pid 5178] <... set_robust_list resumed>) = 0 [pid 5178] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5178] munmap(0x7f2aed789000, 1048576) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.626494][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.635335][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.644339][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] mkdir("./file2", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5178] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file2") = 0 [pid 5178] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] close(4) = 0 [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5178] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... open resumed>) = 4 [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] ftruncate(5, 33587199) = 0 [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 1 [pid 5178] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... futex resumed>) = 0 [pid 5178] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5178] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5177] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5177] <... futex resumed>) = 0 [pid 5178] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5177] exit_group(0) = ? [pid 5178] <... futex resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 [ 59.689355][ T5178] loop0: detected capacity change from 0 to 2048 [ 59.701706][ T5179] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.719460][ T5178] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 59.729502][ T5178] Remounting filesystem read-only [ 59.745026][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 59.753915][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 59.760669][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 59.768327][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.777298][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.786184][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.795176][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 59.801888][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 59.809229][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 59.816534][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 59.823811][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 59.831111][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 59.838062][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x555555b305e0, 24) = 0 [pid 5180] chdir("./59") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5180] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5181], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5181 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5181 attached [pid 5181] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5181] munmap(0x7f2aed789000, 1048576) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 59.845318][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.854179][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.863047][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file2", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5181] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file2") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 0 [pid 5181] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] ftruncate(5, 33587199) = 0 [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [ 59.910891][ T5181] loop0: detected capacity change from 0 to 2048 [ 59.923453][ T5182] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5181] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... futex resumed>) = 1 [pid 5181] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] <... futex resumed>) = 1 [pid 5180] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5181] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] exit_group(0) = ? [pid 5181] <... futex resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 [ 59.951945][ T5181] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 59.962100][ T5181] Remounting filesystem read-only [ 59.978558][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 59.987492][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 59.994167][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 60.001504][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.010445][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.019601][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.028629][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 60.035285][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 60.042597][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 60.049951][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 60.057266][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 60.064548][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 60.071530][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 60.079122][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.087995][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 60.096876][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 rmdir("./59/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5183 ./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x555555b305e0, 24) = 0 [pid 5183] chdir("./60") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5183] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5184] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... clone resumed>, parent_tid=[5184], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5184 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5184] memfd_create("syzkaller", 0 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] <... memfd_create resumed>) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5184] munmap(0x7f2aed789000, 1048576) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file2", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5184] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file2") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] ftruncate(5, 33587199 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... ftruncate resumed>) = 0 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] sendfile(4, 5, NULL, 281474978811908 [pid 5183] <... futex resumed>) = 0 [ 60.205340][ T5184] loop0: detected capacity change from 0 to 2048 [ 60.218661][ T5185] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5184] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5184] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5183] <... futex resumed>) = 0 [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5183] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] exit_group(0 [pid 5184] <... futex resumed>) = ? [pid 5183] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 60.248032][ T5184] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 60.258171][ T5184] Remounting filesystem read-only [ 60.272301][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 60.281199][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 60.287894][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 60.295177][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.304049][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.312907][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.321946][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 60.328619][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 60.335934][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 60.343211][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 60.350522][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 60.357846][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 60.364791][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 60.372306][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.381738][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5186 ./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x555555b305e0, 24) = 0 [pid 5186] chdir("./61") = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5186] setpgid(0, 0) = 0 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5186] write(3, "1000", 4) = 4 [pid 5186] close(3) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5186] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5186] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5187], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5187 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5187 attached [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5187] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5187] munmap(0x7f2aed789000, 1048576) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 60.390621][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] mkdir("./file2", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5187] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file2") = 0 [pid 5187] ioctl(4, LOOP_CLR_FD) = 0 [pid 5187] close(4) = 0 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... open resumed>) = 4 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 60.436705][ T5187] loop0: detected capacity change from 0 to 2048 [ 60.448401][ T5188] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 60.467093][ T27] kauditd_printk_skb: 30 callbacks suppressed [pid 5187] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] ftruncate(5, 33587199 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... ftruncate resumed>) = 0 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5187] sendfile(4, 5, NULL, 281474978811908 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5187] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5186] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] exit_group(0 [pid 5187] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 [ 60.467103][ T27] audit: type=1800 audit(1687313644.978:124): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 60.496216][ T27] audit: type=1800 audit(1687313645.008:125): pid=5187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 60.520281][ T5187] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 60.530474][ T5187] Remounting filesystem read-only [ 60.544945][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 60.553842][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 60.560531][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 60.567824][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.576727][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.585581][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.594633][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 60.601336][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 60.608656][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 60.615981][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 60.623253][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 60.630552][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 60.637512][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x555555b305e0, 24) = 0 [pid 5189] chdir("./62" [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5189 [pid 5189] <... chdir resumed>) = 0 [pid 5189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5189] setpgid(0, 0) = 0 [pid 5189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5189] write(3, "1000", 4) = 4 [pid 5189] close(3) = 0 [pid 5189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5189] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5189] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5190], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5190 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5190] munmap(0x7f2aed789000, 1048576) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 60.644859][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.653719][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.662575][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file2", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5190] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5190] chdir("./file2") = 0 [pid 5190] ioctl(4, LOOP_CLR_FD) = 0 [ 60.717810][ T5190] loop0: detected capacity change from 0 to 2048 [ 60.731575][ T5191] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 60.744528][ T27] audit: type=1800 audit(1687313645.258:126): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5190] close(4) = 0 [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... open resumed>) = 4 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... open resumed>) = 5 [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] ftruncate(5, 33587199) = 0 [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5190] sendfile(4, 5, NULL, 281474978811908 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5189] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5190] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5190] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5189, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 [ 60.746576][ T5190] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 60.765493][ T27] audit: type=1800 audit(1687313645.258:127): pid=5190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 60.780494][ T5190] Remounting filesystem read-only [ 60.813855][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 60.822792][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 60.829516][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 60.836817][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.845717][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.854562][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.863580][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 60.870604][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 60.877911][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 60.885185][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 60.892495][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 60.899796][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 60.906753][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5192 ./strace-static-x86_64: Process 5192 attached [pid 5192] set_robust_list(0x555555b305e0, 24) = 0 [pid 5192] chdir("./63") = 0 [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5192] setpgid(0, 0) = 0 [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5192] write(3, "1000", 4) = 4 [ 60.914041][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.922903][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.931769][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5192] close(3) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5192] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5193] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... clone resumed>, parent_tid=[5193], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5193 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5193] munmap(0x7f2aed789000, 1048576) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] mkdir("./file2", 0777) = 0 [pid 5193] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5193] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file2") = 0 [pid 5193] ioctl(4, LOOP_CLR_FD) = 0 [pid 5193] close(4) = 0 [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 1 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 60.994350][ T5193] loop0: detected capacity change from 0 to 2048 [ 61.006223][ T5194] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.023780][ T27] audit: type=1800 audit(1687313645.528:128): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5193] ftruncate(5, 33587199) = 0 [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5193] sendfile(4, 5, NULL, 281474978811908 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5193] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5192] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 [ 61.049914][ T5193] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 61.055823][ T27] audit: type=1800 audit(1687313645.558:129): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 61.060880][ T5193] Remounting filesystem read-only [ 61.116296][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 61.125163][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 61.131983][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 61.139326][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.148189][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.157056][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.166059][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 61.172715][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 61.180039][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 61.187444][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 61.194704][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 61.202250][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 61.209215][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x555555b305e0, 24) = 0 [pid 5195] chdir("./64") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5195] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5196] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... clone resumed>, parent_tid=[5196], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5196 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5196] munmap(0x7f2aed789000, 1048576) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.216536][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.225363][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.234314][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./file2", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5196] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./file2") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 0 [ 61.284873][ T5196] loop0: detected capacity change from 0 to 2048 [ 61.297624][ T5197] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.314487][ T27] audit: type=1800 audit(1687313645.818:130): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5196] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] ftruncate(5, 33587199) = 0 [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... futex resumed>) = 1 [pid 5196] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5196] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] exit_group(0) = ? [pid 5196] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 [ 61.329474][ T5196] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 61.336015][ T27] audit: type=1800 audit(1687313645.838:131): pid=5196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 61.345626][ T5196] Remounting filesystem read-only [ 61.384273][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 61.393240][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 61.399949][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 61.407354][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.416378][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.425216][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.434267][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 61.441004][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 61.448320][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 61.455618][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 61.462946][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 61.470274][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 61.477237][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x555555b305e0, 24) = 0 [pid 5198] chdir("./65") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5198] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5199 attached , parent_tid=[5199], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5199 [pid 5199] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5199] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 61.484531][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.493391][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.502262][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5199] munmap(0x7f2aed789000, 1048576) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file2", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5199] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file2") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... open resumed>) = 4 [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [pid 5199] ftruncate(5, 33587199) = 0 [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... futex resumed>) = 1 [ 61.551327][ T5199] loop0: detected capacity change from 0 to 2048 [ 61.563375][ T5200] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5199] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5199] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 61.587306][ T27] audit: type=1800 audit(1687313646.098:132): pid=5199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 61.596850][ T5199] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 61.608302][ T27] audit: type=1800 audit(1687313646.098:133): pid=5199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 61.618268][ T5199] Remounting filesystem read-only [ 61.656480][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 61.665382][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 61.672104][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 61.679435][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.688305][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.697198][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.706217][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 61.712873][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 61.720183][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 61.727482][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 61.734743][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 61.742057][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 61.749014][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x555555b305e0, 24) = 0 [pid 5201] chdir("./66") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5201] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5202 attached , parent_tid=[5202], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5202 [pid 5202] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5202] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5202] munmap(0x7f2aed789000, 1048576) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.756320][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.765163][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.774030][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file2", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5202] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file2") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 4 [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 5 [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] ftruncate(5, 33587199 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... ftruncate resumed>) = 0 [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 61.829920][ T5202] loop0: detected capacity change from 0 to 2048 [ 61.841400][ T5203] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.867765][ T5202] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5202] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5202] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] exit_group(0) = ? [pid 5202] <... futex resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 [ 61.877863][ T5202] Remounting filesystem read-only [ 61.902852][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 61.911880][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 61.918589][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 61.925930][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.934773][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.943642][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.952656][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 61.959360][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 61.966665][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 61.973921][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 61.981227][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 61.988533][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 61.995531][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x555555b305e0, 24) = 0 [pid 5204] chdir("./67") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5204] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5205 attached , parent_tid=[5205], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5205 [pid 5205] set_robust_list(0x7f2af5ba99e0, 24 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5205] <... set_robust_list resumed>) = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5205] munmap(0x7f2aed789000, 1048576) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.002842][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.011704][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.020574][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file2", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5205] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file2") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 1 [pid 5205] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 1 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 1 [pid 5205] ftruncate(5, 33587199) = 0 [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = 1 [pid 5205] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5205] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5204] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 [ 62.058140][ T5205] loop0: detected capacity change from 0 to 2048 [ 62.070352][ T5206] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.083589][ T5205] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 62.094247][ T5205] Remounting filesystem read-only [ 62.112561][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 62.121575][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 62.128272][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 62.135572][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.144458][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.153374][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.162447][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 62.169144][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 62.176487][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 62.183780][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 62.191109][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 62.198428][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 62.205340][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5207 ./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x555555b305e0, 24) = 0 [pid 5207] chdir("./68") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5207] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5208], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5208 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5208] munmap(0x7f2aed789000, 1048576) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.212721][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.221588][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.230466][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file2", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5208] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file2") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] ftruncate(5, 33587199) = 0 [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 1 [pid 5208] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5208] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] exit_group(0) = ? [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 [ 62.280314][ T5208] loop0: detected capacity change from 0 to 2048 [ 62.292117][ T5209] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.304388][ T5208] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 62.314889][ T5208] Remounting filesystem read-only [ 62.333371][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 62.342305][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 62.349000][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 62.356316][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.365138][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.374010][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.382989][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 62.389681][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 62.396989][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 62.404248][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 62.411549][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 62.418849][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 62.425813][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached , child_tidptr=0x555555b305d0) = 5210 [pid 5210] set_robust_list(0x555555b305e0, 24) = 0 [pid 5210] chdir("./69") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5210] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5211], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5211 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5211] munmap(0x7f2aed789000, 1048576) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.433104][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.442010][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.450896][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./file2", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5211] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file2") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 0 [pid 5211] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = 1 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] ftruncate(5, 33587199) = 0 [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.509403][ T5211] loop0: detected capacity change from 0 to 2048 [ 62.521653][ T5212] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.546354][ T5211] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5211] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5211] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5210] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 [ 62.556602][ T5211] Remounting filesystem read-only [ 62.572495][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 62.581405][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 62.588108][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 62.595498][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.604364][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.613319][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.622351][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 62.629026][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 62.636332][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 62.643616][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 62.650921][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5213 ./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x555555b305e0, 24) = 0 [pid 5213] chdir("./70") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5213] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5214], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5214 ./strace-static-x86_64: Process 5214 attached [pid 5214] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5214] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 62.658242][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 62.665171][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 62.672485][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.681357][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.690262][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5214] munmap(0x7f2aed789000, 1048576) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file2", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5214] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file2") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 0 [pid 5214] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] ftruncate(5, 33587199) = 0 [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 62.746008][ T5214] loop0: detected capacity change from 0 to 2048 [ 62.757732][ T5215] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.785067][ T5214] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5214] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 0 [pid 5214] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 1 [pid 5214] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5214] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] exit_group(0) = ? [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 [ 62.795168][ T5214] Remounting filesystem read-only [ 62.816405][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 62.825256][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 62.831977][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 62.839272][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.848132][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.856992][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.866028][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 62.872688][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 62.879983][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 62.887272][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 62.894530][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 62.901830][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 62.908785][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x555555b305d0) = 5216 [pid 5216] set_robust_list(0x555555b305e0, 24) = 0 [pid 5216] chdir("./71") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5216] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x7f2af5ba99e0, 24 [pid 5216] <... clone resumed>, parent_tid=[5217], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5217 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5217] munmap(0x7f2aed789000, 1048576) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 62.916240][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.925112][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.934323][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./file2", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5217] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file2") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] ftruncate(5, 33587199) = 0 [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 1 [pid 5217] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... futex resumed>) = 0 [pid 5217] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5216] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5217] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5216] exit_group(0) = ? [pid 5217] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 [ 62.990039][ T5217] loop0: detected capacity change from 0 to 2048 [ 63.002282][ T5218] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.015143][ T5217] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 63.025478][ T5217] Remounting filesystem read-only [ 63.046957][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.055948][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 63.062600][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 63.069912][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.078769][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.087627][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.096593][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 63.103249][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 63.110544][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 63.117836][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 63.125091][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 63.132387][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 63.139329][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x555555b305e0, 24) = 0 [pid 5219] chdir("./72") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5219] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5220 attached [pid 5220] set_robust_list(0x7f2af5ba99e0, 24 [pid 5219] <... clone resumed>, parent_tid=[5220], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5220 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... memfd_create resumed>) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5220] munmap(0x7f2aed789000, 1048576) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.146618][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.155455][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.164473][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file2", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5220] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file2") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... open resumed>) = 4 [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... open resumed>) = 5 [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] ftruncate(5, 33587199 [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... ftruncate resumed>) = 0 [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] sendfile(4, 5, NULL, 281474978811908 [pid 5219] <... futex resumed>) = 0 [ 63.209226][ T5220] loop0: detected capacity change from 0 to 2048 [ 63.220896][ T5221] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.246728][ T5220] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000 [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5219] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5219] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5219] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 [ 63.256793][ T5220] Remounting filesystem read-only [ 63.270831][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.279838][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 63.286569][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 63.293864][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.302763][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.311625][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.320668][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 63.327344][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 63.334603][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 63.341904][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 63.349204][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5222 ./strace-static-x86_64: Process 5222 attached [pid 5222] set_robust_list(0x555555b305e0, 24) = 0 [pid 5222] chdir("./73") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5222] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5223], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5223 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5223] memfd_create("syzkaller", 0) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5223] munmap(0x7f2aed789000, 1048576) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.356523][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 63.363448][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 63.370764][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.379633][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.388499][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] mkdir("./file2", 0777) = 0 [pid 5223] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5223] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./file2") = 0 [pid 5223] ioctl(4, LOOP_CLR_FD) = 0 [pid 5223] close(4) = 0 [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 1 [pid 5223] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 1 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 1 [pid 5223] ftruncate(5, 33587199) = 0 [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... futex resumed>) = 1 [pid 5223] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5223] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5222] exit_group(0) = ? [pid 5223] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 63.435304][ T5223] loop0: detected capacity change from 0 to 2048 [ 63.447679][ T5224] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.461845][ T5223] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 63.472056][ T5223] Remounting filesystem read-only [ 63.490693][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.499752][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 63.506496][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 63.513770][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.522880][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.532138][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.541299][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 63.547979][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 63.555235][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 63.562575][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 63.569923][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 63.577248][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 63.584182][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5225 ./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x555555b305e0, 24) = 0 [pid 5225] chdir("./74") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5225] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5226], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5226 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5226] munmap(0x7f2aed789000, 1048576) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.591489][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.600384][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.609272][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] mkdir("./file2", 0777) = 0 [pid 5226] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5226] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file2") = 0 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] ftruncate(5, 33587199) = 0 [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... futex resumed>) = 1 [pid 5226] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] exit_group(0) = ? [pid 5226] <... futex resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 [ 63.650579][ T5226] loop0: detected capacity change from 0 to 2048 [ 63.662665][ T5227] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.680561][ T5226] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 63.690594][ T5226] Remounting filesystem read-only [ 63.705208][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.714146][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 63.721120][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 63.728449][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.737310][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.746191][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.755237][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 63.761934][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 63.769234][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 63.776558][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 63.783924][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 63.791290][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 63.798275][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5228 ./strace-static-x86_64: Process 5228 attached [pid 5228] set_robust_list(0x555555b305e0, 24) = 0 [pid 5228] chdir("./75") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5228] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5229], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5229 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5229 attached [pid 5229] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5229] munmap(0x7f2aed789000, 1048576) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 63.805543][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.814425][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.823307][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] mkdir("./file2", 0777) = 0 [pid 5229] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5229] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file2") = 0 [pid 5229] ioctl(4, LOOP_CLR_FD) = 0 [pid 5229] close(4) = 0 [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] ftruncate(5, 33587199) = 0 [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... futex resumed>) = 1 [pid 5229] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5228] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5229] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] <... futex resumed>) = 0 [pid 5228] exit_group(0) = ? [pid 5229] +++ exited with 0 +++ [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 [ 63.876173][ T5229] loop0: detected capacity change from 0 to 2048 [ 63.889021][ T5230] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.901600][ T5229] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 63.911683][ T5229] Remounting filesystem read-only [ 63.929815][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.938980][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 63.945643][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 63.953029][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.962002][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.970917][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.979990][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 63.986701][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 63.993967][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 64.001295][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 64.008639][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 64.015996][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 64.022936][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5231 ./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x555555b305e0, 24) = 0 [pid 5231] chdir("./76") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5231] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5231] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5232] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... clone resumed>, parent_tid=[5232], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5232 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5232] memfd_create("syzkaller", 0) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [ 64.030282][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.039168][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.048126][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5232] munmap(0x7f2aed789000, 1048576) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file2", 0777) = 0 [pid 5232] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5232] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5232] chdir("./file2") = 0 [pid 5232] ioctl(4, LOOP_CLR_FD) = 0 [pid 5232] close(4) = 0 [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... open resumed>) = 5 [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5232] ftruncate(5, 33587199) = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] sendfile(4, 5, NULL, 281474978811908 [pid 5231] <... futex resumed>) = 0 [ 64.118563][ T5232] loop0: detected capacity change from 0 to 2048 [ 64.131503][ T5233] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.157874][ T5232] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] <... futex resumed>) = 1 [pid 5232] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5232] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5231] exit_group(0) = ? [pid 5232] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 [ 64.167980][ T5232] Remounting filesystem read-only [ 64.183681][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 64.192892][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 64.199937][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 64.207259][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.216152][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.224982][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.234074][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 64.240803][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 64.248151][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 64.255441][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5234 ./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x555555b305e0, 24) = 0 [pid 5234] chdir("./77") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5234] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5235], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5235 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5235 attached [pid 5235] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5235] memfd_create("syzkaller", 0) = 3 [pid 5235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5235] munmap(0x7f2aed789000, 1048576) = 0 [pid 5235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.262794][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 64.270137][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 64.277118][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 64.284395][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.293330][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.302291][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5235] close(3) = 0 [pid 5235] mkdir("./file2", 0777) = 0 [pid 5235] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5235] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5235] chdir("./file2") = 0 [pid 5235] ioctl(4, LOOP_CLR_FD) = 0 [pid 5235] close(4) = 0 [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 1 [pid 5235] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 1 [pid 5235] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 1 [pid 5235] ftruncate(5, 33587199) = 0 [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] <... futex resumed>) = 1 [pid 5235] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5234] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5235] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] <... futex resumed>) = 0 [pid 5234] exit_group(0) = ? [pid 5235] +++ exited with 0 +++ [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 [ 64.349291][ T5235] loop0: detected capacity change from 0 to 2048 [ 64.361770][ T5236] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.376889][ T5235] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 64.387023][ T5235] Remounting filesystem read-only [ 64.414745][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 64.423766][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 64.430477][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 64.437775][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.446640][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.455492][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.464526][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 64.471268][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 64.479342][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 64.486700][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 64.494161][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 64.501487][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5237 ./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x555555b305e0, 24) = 0 [pid 5237] chdir("./78") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5237] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5237] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5238], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5238 ./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5238] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5238] memfd_create("syzkaller", 0) = 3 [pid 5238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5238] munmap(0x7f2aed789000, 1048576) = 0 [pid 5238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.508445][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 64.515923][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.524846][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.534025][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5238] close(3) = 0 [pid 5238] mkdir("./file2", 0777) = 0 [pid 5238] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5238] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5238] chdir("./file2") = 0 [pid 5238] ioctl(4, LOOP_CLR_FD) = 0 [pid 5238] close(4) = 0 [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] ftruncate(5, 33587199) = 0 [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [ 64.591771][ T5238] loop0: detected capacity change from 0 to 2048 [ 64.608742][ T5239] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5238] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5237] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5238] <... futex resumed>) = 1 [pid 5238] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5238] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5237] exit_group(0) = ? [pid 5238] <... futex resumed>) = ? [pid 5238] +++ exited with 0 +++ [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 [ 64.639003][ T5238] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 64.649724][ T5238] Remounting filesystem read-only [ 64.673410][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 64.682443][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 64.689254][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 64.696649][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.705518][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.714415][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.723474][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 64.730177][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 64.737515][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 64.744793][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 64.752092][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 64.759406][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 64.766437][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 64.773719][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.782625][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5240 ./strace-static-x86_64: Process 5240 attached [pid 5240] set_robust_list(0x555555b305e0, 24) = 0 [pid 5240] chdir("./79") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5240] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5240] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5241 attached , parent_tid=[5241], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5241 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5241] munmap(0x7f2aed789000, 1048576) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 64.791567][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] mkdir("./file2", 0777) = 0 [pid 5241] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5241] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file2") = 0 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 0 [pid 5241] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 1 [pid 5241] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 1 [pid 5241] ftruncate(5, 33587199) = 0 [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 1 [pid 5241] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... futex resumed>) = 0 [pid 5241] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5241] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] <... futex resumed>) = 0 [pid 5240] exit_group(0) = ? [pid 5241] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 64.841493][ T5241] loop0: detected capacity change from 0 to 2048 [ 64.853786][ T5242] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.871766][ T5241] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 64.882209][ T5241] Remounting filesystem read-only [ 64.902232][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 64.911189][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 64.917914][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 64.925281][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.934229][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.943210][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.952347][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 64.959032][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 64.966330][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 64.973606][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 64.980938][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 64.988274][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 64.995398][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5243 ./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x555555b305e0, 24) = 0 [pid 5243] chdir("./80") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5243] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5243] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5244 attached , parent_tid=[5244], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5244 [pid 5244] set_robust_list(0x7f2af5ba99e0, 24 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5244] <... set_robust_list resumed>) = 0 [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5244] munmap(0x7f2aed789000, 1048576) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.002747][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.011686][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.020590][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] mkdir("./file2", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5244] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file2") = 0 [pid 5244] ioctl(4, LOOP_CLR_FD) = 0 [pid 5244] close(4) = 0 [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] ftruncate(5, 33587199) = 0 [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 65.073941][ T5244] loop0: detected capacity change from 0 to 2048 [ 65.086899][ T5245] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.109484][ T5244] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [pid 5244] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5244] <... futex resumed>) = 1 [pid 5244] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5244] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... futex resumed>) = 0 [pid 5243] exit_group(0) = ? [pid 5244] <... futex resumed>) = ? [pid 5244] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 [ 65.119529][ T5244] Remounting filesystem read-only [ 65.156082][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 65.164956][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 65.171898][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 65.179235][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.188117][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.196987][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.205959][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 65.212657][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 65.220047][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 65.227373][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 65.234658][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 65.241987][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 65.249015][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5246 ./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x555555b305e0, 24) = 0 [pid 5246] chdir("./81") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5246] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5246] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7f2af5ba99e0, 24 [pid 5246] <... clone resumed>, parent_tid=[5247], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5247 [pid 5247] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5247] munmap(0x7f2aed789000, 1048576) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.256467][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.265309][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.274193][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] mkdir("./file2", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5247] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file2") = 0 [pid 5247] ioctl(4, LOOP_CLR_FD) = 0 [pid 5247] close(4) = 0 [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... open resumed>) = 4 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... open resumed>) = 5 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5247] ftruncate(5, 33587199 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... ftruncate resumed>) = 0 [pid 5246] <... futex resumed>) = 0 [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... futex resumed>) = 0 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] sendfile(4, 5, NULL, 281474978811908 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5246] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5247] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5246] <... futex resumed>) = 0 [pid 5246] exit_group(0) = ? [pid 5247] +++ exited with 0 +++ [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 [ 65.332646][ T5247] loop0: detected capacity change from 0 to 2048 [ 65.346159][ T5248] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.358894][ T5247] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 65.370598][ T5247] Remounting filesystem read-only [ 65.389582][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 65.398644][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 65.405299][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 65.412997][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.422129][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.431004][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.440008][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 65.446703][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 65.454002][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 65.461314][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 65.468640][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 65.476427][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5249 ./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x555555b305e0, 24) = 0 [pid 5249] chdir("./82") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5249] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5249] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5250 attached , parent_tid=[5250], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5250 [pid 5250] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5250] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] memfd_create("syzkaller", 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5250] <... memfd_create resumed>) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5250] munmap(0x7f2aed789000, 1048576) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.483380][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 65.490734][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.499638][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.508540][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] mkdir("./file2", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5250] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file2") = 0 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] ftruncate(5, 33587199) = 0 [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [ 65.558374][ T5250] loop0: detected capacity change from 0 to 2048 [ 65.571923][ T5251] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.579332][ T5250] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 65.590091][ T27] kauditd_printk_skb: 32 callbacks suppressed [pid 5250] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5250] <... futex resumed>) = 1 [pid 5250] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5250] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... futex resumed>) = 0 [pid 5249] exit_group(0) = ? [pid 5250] <... futex resumed>) = ? [pid 5250] +++ exited with 0 +++ [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 65.590102][ T27] audit: type=1800 audit(1687313650.078:166): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 65.592793][ T5250] Remounting filesystem read-only [ 65.599656][ T27] audit: type=1800 audit(1687313650.078:167): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 65.646440][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 65.655303][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 65.662152][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 65.669464][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.678353][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.687214][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.696197][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 65.702856][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 65.710167][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 65.717529][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 65.724801][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 65.732136][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 65.739195][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 65.746517][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b305d0) = 5252 ./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x555555b305e0, 24) = 0 [pid 5252] chdir("./83") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5252] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5252] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5253], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5253 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5253 attached [pid 5253] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5253] munmap(0x7f2aed789000, 1048576) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.755388][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.764277][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] mkdir("./file2", 0777) = 0 [pid 5253] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5253] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./file2") = 0 [pid 5253] ioctl(4, LOOP_CLR_FD) = 0 [pid 5253] close(4) = 0 [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 0 [ 65.802588][ T5253] loop0: detected capacity change from 0 to 2048 [ 65.817066][ T5254] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5253] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5253] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5252] <... futex resumed>) = 0 [pid 5253] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... open resumed>) = 5 [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] ftruncate(5, 33587199) = 0 [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 1 [pid 5253] sendfile(4, 5, NULL, 281474978811908) = -1 EIO (Input/output error) [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] <... futex resumed>) = 0 [pid 5253] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = -1 EROFS (Read-only file system) [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] write(-1, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512) = -1 EBADF (Bad file descriptor) [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5253] write(-1, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = -1 EBADF (Bad file descriptor) [pid 5253] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] <... futex resumed>) = 0 [pid 5252] exit_group(0) = ? [pid 5253] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555b31620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 65.835616][ T27] audit: type=1800 audit(1687313650.338:168): pid=5253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 65.858867][ T27] audit: type=1800 audit(1687313650.368:169): pid=5253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 65.868067][ T5253] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 65.890097][ T5253] Remounting filesystem read-only [ 65.907192][ T4999] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 65.916155][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 65.922845][ T4999] NILFS (loop0): discard dirty block: blocknr=18, size=1024 [ 65.930195][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.939081][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.947983][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.957005][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 65.963664][ T4999] NILFS (loop0): discard dirty block: blocknr=35, size=1024 [ 65.971014][ T4999] NILFS (loop0): discard dirty block: blocknr=36, size=1024 [ 65.978342][ T4999] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 65.985635][ T4999] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 65.993040][ T4999] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 66.000017][ T4999] NILFS (loop0): discard dirty block: blocknr=39, size=1024 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555b39660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555b39660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x555555b31620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x555555b305e0, 24) = 0 [pid 5255] chdir("./84" [pid 4999] <... clone resumed>, child_tidptr=0x555555b305d0) = 5255 [pid 5255] <... chdir resumed>) = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2af5b89000 [pid 5255] mprotect(0x7f2af5b8a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7f2af5ba93f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5256], tls=0x7f2af5ba9700, child_tidptr=0x7f2af5ba99d0) = 5256 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x7f2af5ba99e0, 24) = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2aed789000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5256] munmap(0x7f2aed789000, 1048576) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 66.007346][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.016448][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.025305][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] mkdir("./file2", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file2", "nilfs2", MS_I_VERSION, "") = 0 [pid 5256] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file2") = 0 [pid 5256] ioctl(4, LOOP_CLR_FD) = 0 [pid 5256] close(4) = 0 [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] open("./file2", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC, 000) = 4 [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [ 66.081204][ T5256] loop0: detected capacity change from 0 to 2048 [ 66.093558][ T5257] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.106475][ T27] audit: type=1800 audit(1687313650.598:170): pid=5256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file2" dev="loop0" ino=16 res=0 errno=0 [pid 5256] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5 [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] ftruncate(5, 33587199) = 0 [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 1 [pid 5256] sendfile(4, 5, NULL, 281474978811908 [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7f2af5c837bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2aed868000 [pid 5255] mprotect(0x7f2aed869000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5255] clone(child_stack=0x7f2aed8883f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5258], tls=0x7f2aed888700, child_tidptr=0x7f2aed8889d0) = 5258 [pid 5255] futex(0x7f2af5c837b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5255] futex(0x7f2af5c837bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x7f2aed8889e0, 24) = 0 [pid 5258] open("./file0", O_RDWR|O_CREAT|O_EXCL|O_DIRECT, 000) = 6 [ 66.107468][ T5256] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 66.137480][ T27] audit: type=1800 audit(1687313650.618:171): pid=5256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 66.159774][ T5256] Remounting filesystem read-only [pid 5258] futex(0x7f2af5c837bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... sendfile resumed>) = -1 EIO (Input/output error) [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = 0 [pid 5255] futex(0x7f2af5c837a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7f2af5c837ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5256] <... futex resumed>) = 0 [pid 5256] write(6, "\x34\xfd\x98\xaa\x1d\x0e\x7a\xde\xc9\x37\xa5\xf3\x31\xa7\x5f\x48\x79\x34\xf5\x02\x42\xa0\x75\x19\x44\x93\x69\x72\x89\x6c\x29\xa5\x06\x8c\x8e\xcb\xa1\xaa\x0a\x4e\x2a\x63\x1b\x51\x80\xe1\xfb\xde\x79\xf4\x50\x2d\xc4\xc4\xa1\xfb\xa9\xdc\xd9\xed\x83\xe6\x39\xae\xfa\x1b\x87\x63\x1c\x33\xd1\xa8\x2c\xb0\xc0\x03\x56\x76\xdd\xfe\xb0\xfe\x79\x84\xd7\x51\x9b\x0f\x83\x9d\x49\x7f\xc9\xd6\x4e\xf1\x4d\x1d\xe2\x22"..., 512 [pid 5258] <... futex resumed>) = 1 [pid 5258] futex(0x7f2af5c837b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5255] futex(0x7f2af5c837b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7f2af5c837bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... futex resumed>) = 0 [ 66.159947][ T27] audit: type=1800 audit(1687313650.668:172): pid=5258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor334" name="file0" dev="loop0" ino=19 res=0 errno=0 [ 66.181073][ T5256] NILFS (loop0): discard dirty page: offset=0, ino=19 [ 66.192584][ T5256] NILFS (loop0): discard dirty block: blocknr=0, size=1024 [ 66.199821][ T5256] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.208694][ T5256] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.217590][ T5256] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5258] write(6, "\x16\x00\x00\x00\x98\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x30\x00\x00\x00\x1b\x00\x7f\xff\x00\x00\x60\x00\x95\xa0\x91\xf4\x74\xa7\xff\x3e\x35\x65\x73\x26\x68\x1e\x04\xee\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x3f\x01\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160 [pid 5256] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5256] futex(0x7f2af5c837ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.226797][ T5258] NILFS (loop0): nilfs_get_block (ino=19): a race condition while inserting a data block at offset=0 [ 66.238023][ T5258] ------------[ cut here ]------------ [ 66.243476][ T5258] kernel BUG at fs/buffer.c:2741! [ 66.248595][ T5258] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 66.254663][ T5258] CPU: 0 PID: 5258 Comm: syz-executor334 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0 [ 66.265062][ T5258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 66.275118][ T5258] RIP: 0010:submit_bh_wbc+0x519/0x650 [ 66.280510][ T5258] Code: 83 fd 01 0f 85 a6 fc ff ff e8 03 a1 8d ff be 08 00 00 00 48 89 df e8 d6 72 e0 ff f0 80 63 01 fb e9 8a fc ff ff e8 e7 a0 8d ff <0f> 0b e8 e0 a0 8d ff 0f 0b e8 d9 a0 8d ff 0f 0b e8 d2 a0 8d ff 0f [ 66.300126][ T5258] RSP: 0018:ffffc90003fcf9a8 EFLAGS: 00010293 [ 66.306183][ T5258] RAX: 0000000000000000 RBX: ffff888071c78488 RCX: 0000000000000000 [ 66.314138][ T5258] RDX: ffff88802b83d940 RSI: ffffffff81f6a5f9 RDI: 0000000000000001 [ 66.322094][ T5258] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 66.330050][ T5258] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 66.338021][ T5258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.345985][ T5258] FS: 00007f2aed888700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 66.354906][ T5258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.361649][ T5258] CR2: 00007f2af5baa000 CR3: 000000002a024000 CR4: 0000000000350ef0 [ 66.369607][ T5258] Call Trace: [ 66.372920][ T5258] [ 66.375861][ T5258] ? die+0x32/0x90 [ 66.379596][ T5258] ? do_trap+0x1b2/0x3f0 [ 66.383835][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.388604][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.393367][ T5258] ? do_error_trap+0xb1/0x170 [ 66.398041][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.402802][ T5258] ? handle_invalid_op+0x2c/0x30 [ 66.407739][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.412595][ T5258] ? exc_invalid_op+0x2f/0x50 [ 66.417284][ T5258] ? asm_exc_invalid_op+0x1a/0x20 [ 66.422313][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.427079][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.431842][ T5258] ? submit_bh_wbc+0x519/0x650 [ 66.436610][ T5258] __bh_read+0xa7/0x1f0 [ 66.440758][ T5258] __block_write_begin_int+0x11d6/0x14b0 [ 66.446385][ T5258] ? __nilfs_mark_inode_dirty+0x240/0x240 [ 66.452105][ T5258] ? invalidate_bh_lrus_cpu+0x140/0x140 [ 66.457638][ T5258] ? folio_flags.constprop.0+0x53/0x150 [ 66.463208][ T5258] ? __nilfs_mark_inode_dirty+0x240/0x240 [ 66.468938][ T5258] block_write_begin+0xb9/0x4d0 [ 66.473786][ T5258] nilfs_write_begin+0xa0/0x1a0 [ 66.478639][ T5258] generic_perform_write+0x256/0x570 [ 66.483969][ T5258] ? generic_file_readonly_mmap+0x180/0x180 [ 66.489869][ T5258] ? iov_iter_revert+0x1c/0x60 [ 66.494629][ T5258] ? generic_file_direct_write+0x170/0x560 [ 66.500433][ T5258] __generic_file_write_iter+0x39d/0x500 [ 66.506068][ T5258] generic_file_write_iter+0xe3/0x350 [ 66.511523][ T5258] vfs_write+0x945/0xd50 [ 66.515750][ T5258] ? kernel_write+0x670/0x670 [ 66.520414][ T5258] ? recalc_sigpending_tsk+0x18b/0x1d0 [ 66.525868][ T5258] ksys_write+0x12b/0x250 [ 66.530220][ T5258] ? __ia32_sys_read+0xb0/0xb0 [ 66.534994][ T5258] ? lockdep_hardirqs_on+0x7d/0x100 [ 66.540188][ T5258] ? _raw_spin_unlock_irq+0x2e/0x50 [ 66.545381][ T5258] ? ptrace_notify+0xfe/0x140 [ 66.550056][ T5258] do_syscall_64+0x39/0xb0 [ 66.554458][ T5258] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 66.560356][ T5258] RIP: 0033:0x7f2af5bfdcd9 [ 66.564771][ T5258] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 66.584367][ T5258] RSP: 002b:00007f2aed8882f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 66.592764][ T5258] RAX: ffffffffffffffda RBX: 00007f2af5c837b0 RCX: 00007f2af5bfdcd9 [ 66.600722][ T5258] RDX: 00000000000000a0 RSI: 0000000020000380 RDI: 0000000000000006 [ 66.608674][ T5258] RBP: 00007f2af5c4fd1c R08: 00000000ffffff7f R09: 0000000000000000 [ 66.616629][ T5258] R10: 000000000000001b R11: 0000000000000246 R12: 00007f2af5c4fb18 [ 66.624605][ T5258] R13: 3f00000000000000 R14: 0400000000000000 R15: 00007f2af5c837b8 [pid 5256] futex(0x7f2af5c837a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 66.632590][ T5258] [ 66.635600][ T5258] Modules linked in: [ 66.641823][ T5258] ---[ end trace 0000000000000000 ]--- [ 66.647379][ T5258] RIP: 0010:submit_bh_wbc+0x519/0x650 [ 66.652821][ T5258] Code: 83 fd 01 0f 85 a6 fc ff ff e8 03 a1 8d ff be 08 00 00 00 48 89 df e8 d6 72 e0 ff f0 80 63 01 fb e9 8a fc ff ff e8 e7 a0 8d ff <0f> 0b e8 e0 a0 8d ff 0f 0b e8 d9 a0 8d ff 0f 0b e8 d2 a0 8d ff 0f [ 66.672670][ T5258] RSP: 0018:ffffc90003fcf9a8 EFLAGS: 00010293 [ 66.678793][ T5258] RAX: 0000000000000000 RBX: ffff888071c78488 RCX: 0000000000000000 [ 66.686791][ T5258] RDX: ffff88802b83d940 RSI: ffffffff81f6a5f9 RDI: 0000000000000001 [ 66.694746][ T5258] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 66.702751][ T5258] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 66.710744][ T5258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 66.718736][ T5258] FS: 00007f2aed888700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 66.727717][ T5258] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.734285][ T5258] CR2: 00007f2af5c40f40 CR3: 000000002a024000 CR4: 0000000000350ef0 [ 66.742327][ T5258] Kernel panic - not syncing: Fatal exception [ 66.749274][ T5258] Kernel Offset: disabled [ 66.753579][ T5258] Rebooting in 86400 seconds..