./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor125882028 <...> Warning: Permanently added '10.128.0.212' (ED25519) to the list of known hosts. execve("./syz-executor125882028", ["./syz-executor125882028"], 0x7ffc36be0e20 /* 10 vars */) = 0 brk(NULL) = 0x5555794b1000 brk(0x5555794b1d00) = 0x5555794b1d00 arch_prctl(ARCH_SET_FS, 0x5555794b1380) = 0 set_tid_address(0x5555794b1650) = 5844 set_robust_list(0x5555794b1660, 24) = 0 rseq(0x5555794b1ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor125882028", 4096) = 27 getrandom("\x56\x61\xfe\x88\xa8\x78\x1f\xba", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555794b1d00 brk(0x5555794d2d00) = 0x5555794d2d00 brk(0x5555794d3000) = 0x5555794d3000 mprotect(0x7fae3e5d3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.kbJivS", 0700) = 0 chmod("./syzkaller.kbJivS", 0777) = 0 chdir("./syzkaller.kbJivS") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x5555794b1650) = 5845 [pid 5845] set_robust_list(0x5555794b1660, 24) = 0 [pid 5845] chdir("./0") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5845] write(1, "executing program\n", 18) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5845] munmap(0x7fae36000000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./file1", 0777) = 0 [ 92.371933][ T5845] loop0: detected capacity change from 0 to 2048 [pid 5845] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5845] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./file1") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.439138][ T5845] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5845] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5845] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5845] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 92.501923][ T5845] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached , child_tidptr=0x5555794b1650) = 5850 [pid 5850] set_robust_list(0x5555794b1660, 24) = 0 [pid 5850] chdir("./1") = 0 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5850] setpgid(0, 0) = 0 [ 92.568916][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5850] write(3, "1000", 4) = 4 [pid 5850] close(3) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5850] write(1, "executing program\n", 18) = 18 [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5850] munmap(0x7fae36000000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] close(4) = 0 [pid 5850] mkdir("./file1", 0777) = 0 [ 92.658591][ T5850] loop0: detected capacity change from 0 to 2048 [pid 5850] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./file1") = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.747047][ T5850] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.784587][ T5850] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [pid 5850] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5850] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5850] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5850] exit_group(0) = ? [pid 5850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5853 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5853] chdir("./2") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [ 92.884823][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5853] write(1, "executing program\n", 18) = 18 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5853] munmap(0x7fae36000000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file1", 0777) = 0 [ 93.002960][ T5853] loop0: detected capacity change from 0 to 2048 [pid 5853] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5853] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file1") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 93.066637][ T5853] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5853] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5853] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5853] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 93.113801][ T5853] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] chdir("./3") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3executing program ) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] write(1, "executing program\n", 18) = 18 [ 93.159050][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5856] munmap(0x7fae36000000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file1", 0777) = 0 [ 93.267462][ T5856] loop0: detected capacity change from 0 to 2048 [pid 5856] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file1") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 93.326073][ T5856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5856] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5856] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5856] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5856] exit_group(0) = ? [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.369469][ T5856] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x5555794b1650) = 5859 [pid 5859] set_robust_list(0x5555794b1660, 24) = 0 [pid 5859] chdir("./4") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 [ 93.517817][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5859] munmap(0x7fae36000000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./file1", 0777) = 0 [ 93.625627][ T5859] loop0: detected capacity change from 0 to 2048 [pid 5859] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./file1") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5859] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5859] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5859] exit_group(0) = ? [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 93.665847][ T5859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.682432][ T5859] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached [pid 5862] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5862 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] chdir("./5") = 0 [ 93.773009][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5862] write(1, "executing program\n", 18) = 18 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5862] munmap(0x7fae36000000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./file1", 0777) = 0 [ 93.877693][ T5862] loop0: detected capacity change from 0 to 2048 [pid 5862] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5862] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./file1") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 93.918795][ T5862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5862] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5862] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5862] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 93.976130][ T5862] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached , child_tidptr=0x5555794b1650) = 5865 [pid 5865] set_robust_list(0x5555794b1660, 24) = 0 [pid 5865] chdir("./6") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [ 94.103619][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5865] munmap(0x7fae36000000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./file1", 0777) = 0 [ 94.247061][ T5865] loop0: detected capacity change from 0 to 2048 [pid 5865] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5865] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file1") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.285884][ T5865] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5865] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5865] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5865] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5865] exit_group(0) = ? [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.339893][ T5865] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x5555794b1650) = 5868 [pid 5868] set_robust_list(0x5555794b1660, 24) = 0 [pid 5868] chdir("./7") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 94.485258][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] write(1, "executing program\n", 18executing program ) = 18 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5868] munmap(0x7fae36000000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file1", 0777) = 0 [ 94.584802][ T5868] loop0: detected capacity change from 0 to 2048 [pid 5868] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file1") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5868] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5868] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 94.635932][ T5868] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.660357][ T5868] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached , child_tidptr=0x5555794b1650) = 5871 [pid 5871] set_robust_list(0x5555794b1660, 24) = 0 [pid 5871] chdir("./8") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [ 94.704363][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5871] write(1, "executing program\n", 18) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5871] munmap(0x7fae36000000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file1", 0777) = 0 [ 94.822997][ T5871] loop0: detected capacity change from 0 to 2048 [pid 5871] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file1") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.897229][ T5871] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5871] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5871] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5871] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [ 94.954842][ T5871] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 95.060741][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./8/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x5555794b1650) = 5875 [pid 5875] set_robust_list(0x5555794b1660, 24) = 0 [pid 5875] chdir("./9") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5875] munmap(0x7fae36000000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [ 95.223503][ T5875] loop0: detected capacity change from 0 to 2048 [pid 5875] mkdir("./file1", 0777) = 0 [pid 5875] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5875] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./file1") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5875] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5875] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 95.307515][ T5875] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.329112][ T5875] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 95.365018][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5878] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5878 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5878] chdir("./10") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5878] munmap(0x7fae36000000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file1", 0777) = 0 [ 95.585865][ T5878] loop0: detected capacity change from 0 to 2048 [pid 5878] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./file1") = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 95.636270][ T5878] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5878] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5878] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5878] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 95.693325][ T5878] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached [pid 5881] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5881 [pid 5881] chdir("./11") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 executing program [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] memfd_create("syzkaller", 0) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [ 95.818438][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5881] munmap(0x7fae36000000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file1", 0777) = 0 [ 95.909026][ T5881] loop0: detected capacity change from 0 to 2048 [pid 5881] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5881] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file1") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 95.975944][ T5881] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5881] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5881] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5881] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 96.033213][ T5881] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 [ 96.153577][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x5555794b1650) = 5884 [pid 5884] set_robust_list(0x5555794b1660, 24) = 0 [pid 5884] chdir("./12") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] write(1, "executing program\n", 18executing program ) = 18 [pid 5884] memfd_create("syzkaller", 0) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5884] munmap(0x7fae36000000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./file1", 0777) = 0 [ 96.400914][ T5884] loop0: detected capacity change from 0 to 2048 [pid 5884] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file1") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5884] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5884] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 96.456870][ T5884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.478337][ T5884] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.544461][ T962] cfg80211: failed to load regulatory.db getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5888 [pid 5888] <... set_robust_list resumed>) = 0 [pid 5888] chdir("./13") = 0 [ 96.656150][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5888] write(1, "executing program\n", 18) = 18 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5888] munmap(0x7fae36000000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file1", 0777) = 0 [ 96.807643][ T5888] loop0: detected capacity change from 0 to 2048 [pid 5888] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5888] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file1") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 96.886588][ T5888] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5888] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5888] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5888] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5888] exit_group(0) = ? [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.929622][ T5888] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 [ 97.053221][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5891 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5891] chdir("./14") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] write(1, "executing program\n", 18executing program ) = 18 [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5891] munmap(0x7fae36000000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file1", 0777) = 0 [ 97.244935][ T5891] loop0: detected capacity change from 0 to 2048 [pid 5891] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5891] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file1") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5891] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5891] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 97.296281][ T5891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.330523][ T5891] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5894 attached [pid 5894] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5894 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5894] chdir("./15") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 97.459984][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5894] write(1, "executing program\n", 18) = 18 [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5894] munmap(0x7fae36000000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5894] close(4) = 0 [pid 5894] mkdir("./file1", 0777) = 0 [ 97.569222][ T5894] loop0: detected capacity change from 0 to 2048 [pid 5894] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5894] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./file1") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.616035][ T5894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5894] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5894] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5894] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5894] exit_group(0) = ? [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 97.662534][ T5894] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached [pid 5897] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5897 [pid 5897] chdir("./16") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 97.811361][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5897] write(1, "executing program\n", 18) = 18 [pid 5897] memfd_create("syzkaller", 0) = 3 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5897] munmap(0x7fae36000000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file1", 0777) = 0 [ 97.974989][ T5897] loop0: detected capacity change from 0 to 2048 [pid 5897] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5897] chdir("./file1") = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.025815][ T5897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5897] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5897] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5897] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5897] exit_group(0) = ? [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 98.092428][ T5897] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 98.237541][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached [pid 5900] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5900 [pid 5900] chdir("./17") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] write(1, "executing program\n", 18executing program ) = 18 [pid 5900] memfd_create("syzkaller", 0) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5900] munmap(0x7fae36000000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] close(4) = 0 [pid 5900] mkdir("./file1", 0777) = 0 [ 98.530691][ T5900] loop0: detected capacity change from 0 to 2048 [pid 5900] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5900] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./file1") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.587041][ T5900] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5900] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5900] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5900] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5900] exit_group(0) = ? [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 98.635341][ T5900] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555794b1650) = 5903 ./strace-static-x86_64: Process 5903 attached [pid 5903] set_robust_list(0x5555794b1660, 24) = 0 [ 98.792886][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5903] chdir("./18") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5903] write(1, "executing program\n", 18) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5903] munmap(0x7fae36000000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./file1", 0777) = 0 [ 98.910560][ T5903] loop0: detected capacity change from 0 to 2048 [pid 5903] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5903] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./file1") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.965851][ T5903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5903] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5903] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5903] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5903] exit_group(0) = ? [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 99.032237][ T5903] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 99.172007][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5906 [pid 5906] <... set_robust_list resumed>) = 0 [pid 5906] chdir("./19") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] write(1, "executing program\n", 18executing program ) = 18 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5906] munmap(0x7fae36000000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file1", 0777) = 0 [ 99.418222][ T5906] loop0: detected capacity change from 0 to 2048 [pid 5906] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file1") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 99.466023][ T5906] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5906] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5906] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5906] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 99.519601][ T5906] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached , child_tidptr=0x5555794b1650) = 5909 [pid 5909] set_robust_list(0x5555794b1660, 24) = 0 [pid 5909] chdir("./20") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [ 99.648207][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] write(1, "executing program\n", 18executing program ) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5909] munmap(0x7fae36000000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file1", 0777) = 0 [ 99.781956][ T5909] loop0: detected capacity change from 0 to 2048 [pid 5909] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5909] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file1") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 99.846888][ T5909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5909] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5909] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5909] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5909] exit_group(0) = ? [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 99.894877][ T5909] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached [pid 5913] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5913 [pid 5913] <... set_robust_list resumed>) = 0 [ 100.027651][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5913] chdir("./21") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5913] munmap(0x7fae36000000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file1", 0777) = 0 [ 100.130909][ T5913] loop0: detected capacity change from 0 to 2048 [pid 5913] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./file1") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5913] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5913] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5913] exit_group(0) = ? [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 100.188397][ T5913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.205824][ T5913] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 100.348445][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5916 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] chdir("./22") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5916] write(1, "executing program\n", 18) = 18 [pid 5916] memfd_create("syzkaller", 0) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5916] munmap(0x7fae36000000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] close(4) = 0 [pid 5916] mkdir("./file1", 0777) = 0 [ 100.605742][ T5916] loop0: detected capacity change from 0 to 2048 [pid 5916] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5916] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./file1") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 100.665840][ T5916] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5916] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5916] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5916] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5916] exit_group(0) = ? [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 100.722898][ T5916] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 100.867924][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x5555794b1650) = 5919 [pid 5919] set_robust_list(0x5555794b1660, 24) = 0 [pid 5919] chdir("./23") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] write(1, "executing program\n", 18executing program ) = 18 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5919] munmap(0x7fae36000000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file1", 0777) = 0 [ 101.190297][ T5919] loop0: detected capacity change from 0 to 2048 [pid 5919] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file1") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.246102][ T5919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5919] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5919] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5919] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 101.290409][ T5919] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached , child_tidptr=0x5555794b1650) = 5922 [pid 5922] set_robust_list(0x5555794b1660, 24) = 0 [pid 5922] chdir("./24") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5922] write(1, "executing program\n", 18) = 18 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [ 101.435159][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5922] munmap(0x7fae36000000, 138412032) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] close(4) = 0 [pid 5922] mkdir("./file1", 0777) = 0 [pid 5922] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5922] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./file1") = 0 [ 101.515100][ T5922] loop0: detected capacity change from 0 to 2048 [ 101.548831][ T5922] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5922] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5922] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5922] exit_group(0) = ? [pid 5922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 101.605980][ T5922] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5925 [pid 5925] chdir("./25") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [ 101.764666][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5925] munmap(0x7fae36000000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./file1", 0777) = 0 [ 101.895386][ T5925] loop0: detected capacity change from 0 to 2048 [pid 5925] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./file1") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5925] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5925] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5925] exit_group(0) = ? [pid 5925] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 101.945871][ T5925] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.983129][ T5925] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5928 attached , child_tidptr=0x5555794b1650) = 5928 [pid 5928] set_robust_list(0x5555794b1660, 24) = 0 [pid 5928] chdir("./26") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5928] write(1, "executing program\n", 18executing program ) = 18 [pid 5928] memfd_create("syzkaller", 0) = 3 [ 102.115977][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5928] munmap(0x7fae36000000, 138412032) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] close(4) = 0 [pid 5928] mkdir("./file1", 0777) = 0 [ 102.217649][ T5928] loop0: detected capacity change from 0 to 2048 [pid 5928] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file1") = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.265970][ T5928] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5928] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5928] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5928] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5928] exit_group(0) = ? [pid 5928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 102.332452][ T5928] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5931 [pid 5931] <... set_robust_list resumed>) = 0 [ 102.470951][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5931] chdir("./27") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5931] munmap(0x7fae36000000, 138412032) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5931] close(3) = 0 [pid 5931] close(4) = 0 [pid 5931] mkdir("./file1", 0777) = 0 [ 102.647317][ T5931] loop0: detected capacity change from 0 to 2048 [pid 5931] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5931] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./file1") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.707021][ T5931] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5931] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5931] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5931] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5931] exit_group(0) = ? [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 102.748214][ T5931] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached [ 102.857805][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. , child_tidptr=0x5555794b1650) = 5934 [pid 5934] set_robust_list(0x5555794b1660, 24) = 0 [pid 5934] chdir("./28") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5934] write(1, "executing program\n", 18) = 18 [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5934] munmap(0x7fae36000000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5934] close(3) = 0 [pid 5934] close(4) = 0 [pid 5934] mkdir("./file1", 0777) = 0 [ 102.961446][ T5934] loop0: detected capacity change from 0 to 2048 [pid 5934] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5934] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./file1") = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.015920][ T5934] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5934] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5934] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5934] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5934] exit_group(0) = ? [pid 5934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 103.062507][ T5934] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached [pid 5937] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5937 [pid 5937] chdir("./29") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [ 103.181232][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5937] munmap(0x7fae36000000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file1", 0777) = 0 [ 103.274079][ T5937] loop0: detected capacity change from 0 to 2048 [pid 5937] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5937] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./file1") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.326321][ T5937] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5937] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5937] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5937] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5937] exit_group(0) = ? [ 103.380724][ T5937] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [pid 5937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached , child_tidptr=0x5555794b1650) = 5940 [pid 5940] set_robust_list(0x5555794b1660, 24) = 0 [pid 5940] chdir("./30") = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 103.523305][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5940] write(1, "executing program\n", 18) = 18 [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5940] munmap(0x7fae36000000, 138412032) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5940] mkdir("./file1", 0777) = 0 [ 103.669788][ T5940] loop0: detected capacity change from 0 to 2048 [pid 5940] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5940] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./file1") = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 103.716167][ T5940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5940] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5940] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5940] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5940] exit_group(0) = ? [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 103.763233][ T5940] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 103.872514][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached [pid 5943] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5943 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5943] chdir("./31") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5943] write(1, "executing program\n", 18) = 18 [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5943] munmap(0x7fae36000000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./file1", 0777) = 0 [ 104.084516][ T5943] loop0: detected capacity change from 0 to 2048 [pid 5943] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5943] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./file1") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.127701][ T5943] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5943] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5943] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5943] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5943] exit_group(0) = ? [pid 5943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x5555794b1650) = 5946 [ 104.184002][ T5943] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [ 104.224331][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5946] set_robust_list(0x5555794b1660, 24) = 0 [pid 5946] chdir("./32") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] write(1, "executing program\n", 18executing program ) = 18 [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5946] munmap(0x7fae36000000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./file1", 0777) = 0 [pid 5946] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5946] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./file1") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.314420][ T5946] loop0: detected capacity change from 0 to 2048 [pid 5946] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5946] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5946] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5946] exit_group(0) = ? [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 104.371204][ T5946] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x5555794b1650) = 5949 [pid 5949] set_robust_list(0x5555794b1660, 24) = 0 [pid 5949] chdir("./33") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5949] munmap(0x7fae36000000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./file1", 0777) = 0 [ 104.580741][ T5949] loop0: detected capacity change from 0 to 2048 [pid 5949] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5949] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file1") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5949] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5949] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 104.690265][ T5949] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5952 attached , child_tidptr=0x5555794b1650) = 5952 [pid 5952] set_robust_list(0x5555794b1660, 24) = 0 [pid 5952] chdir("./34") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5952] write(1, "executing program\n", 18executing program ) = 18 [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5952] munmap(0x7fae36000000, 138412032) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] close(4) = 0 [pid 5952] mkdir("./file1", 0777) = 0 [pid 5952] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 104.937701][ T5952] loop0: detected capacity change from 0 to 2048 [pid 5952] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./file1") = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5952] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5952] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5952] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5952] exit_group(0) = ? [pid 5952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 105.030281][ T5952] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5955 attached , child_tidptr=0x5555794b1650) = 5955 [pid 5955] set_robust_list(0x5555794b1660, 24) = 0 [pid 5955] chdir("./35") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5955] write(1, "executing program\n", 18executing program ) = 18 [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5955] munmap(0x7fae36000000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] close(4) = 0 [pid 5955] mkdir("./file1", 0777) = 0 [ 105.260136][ T5955] loop0: detected capacity change from 0 to 2048 [pid 5955] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5955] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file1") = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5955] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5955] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5955] exit_group(0) = ? [pid 5955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 105.330506][ T5955] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached , child_tidptr=0x5555794b1650) = 5958 [pid 5958] set_robust_list(0x5555794b1660, 24) = 0 [pid 5958] chdir("./36") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5958] write(1, "executing program\n", 18) = 18 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5958] munmap(0x7fae36000000, 138412032) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] close(4) = 0 [pid 5958] mkdir("./file1", 0777) = 0 [pid 5958] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5958] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 105.476169][ T5958] loop0: detected capacity change from 0 to 2048 [pid 5958] chdir("./file1") = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5958] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5958] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5958] exit_group(0) = ? [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 105.541094][ T5958] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x5555794b1660, 24) = 0 [pid 5962] chdir("./37" [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5962 [pid 5962] <... chdir resumed>) = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5962] munmap(0x7fae36000000, 138412032) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./file1", 0777) = 0 [pid 5962] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5962] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file1") = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.781512][ T5962] loop0: detected capacity change from 0 to 2048 [pid 5962] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5962] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5962] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5962] exit_group(0) = ? [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 105.849703][ T5962] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5965 [pid 5965] chdir("./38") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5965] write(1, "executing program\n", 18executing program ) = 18 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5965] munmap(0x7fae36000000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./file1", 0777) = 0 [ 106.083337][ T5965] loop0: detected capacity change from 0 to 2048 [pid 5965] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5965] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file1") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5965] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5965] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5965] exit_group(0) = ? [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 106.161317][ T5965] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached , child_tidptr=0x5555794b1650) = 5968 [pid 5968] set_robust_list(0x5555794b1660, 24) = 0 [pid 5968] chdir("./39") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5968] write(1, "executing program\n", 18executing program ) = 18 [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5968] munmap(0x7fae36000000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./file1", 0777) = 0 [ 106.442285][ T5968] loop0: detected capacity change from 0 to 2048 [pid 5968] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5968] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./file1") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5968] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5968] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5968] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5968] exit_group(0) = ? [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 106.541318][ T5968] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached , child_tidptr=0x5555794b1650) = 5971 [pid 5971] set_robust_list(0x5555794b1660, 24) = 0 [pid 5971] chdir("./40") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5971] write(1, "executing program\n", 18) = 18 [pid 5971] memfd_create("syzkaller", 0) = 3 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5971] munmap(0x7fae36000000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] close(4) = 0 [pid 5971] mkdir("./file1", 0777) = 0 [ 106.759645][ T5971] loop0: detected capacity change from 0 to 2048 [pid 5971] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5971] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./file1") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5971] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5971] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5971] exit_group(0) = ? [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 106.849124][ T5971] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x5555794b1650) = 5974 [pid 5974] set_robust_list(0x5555794b1660, 24) = 0 [pid 5974] chdir("./41") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] write(1, "executing program\n", 18executing program ) = 18 [pid 5974] memfd_create("syzkaller", 0) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5974] munmap(0x7fae36000000, 138412032) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5974] close(3) = 0 [pid 5974] close(4) = 0 [pid 5974] mkdir("./file1", 0777) = 0 [pid 5974] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 107.227416][ T5974] loop0: detected capacity change from 0 to 2048 [pid 5974] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5974] chdir("./file1") = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5974] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5974] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5974] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5974] exit_group(0) = ? [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 107.330369][ T5974] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5977 [pid 5977] chdir("./42") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] write(1, "executing program\n", 18executing program ) = 18 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5977] munmap(0x7fae36000000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file1", 0777) = 0 [pid 5977] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./file1") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.566846][ T5977] loop0: detected capacity change from 0 to 2048 [pid 5977] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5977] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5977] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5977] exit_group(0) = ? [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 107.621730][ T5977] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5981 [pid 5981] chdir("./43") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5981] munmap(0x7fae36000000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./file1", 0777) = 0 [ 107.855654][ T5981] loop0: detected capacity change from 0 to 2048 [pid 5981] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5981] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file1") = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5981] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5981] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5981] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5981] exit_group(0) = ? [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.946210][ T5981] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x5555794b1650) = 5984 [pid 5984] set_robust_list(0x5555794b1660, 24) = 0 [pid 5984] chdir("./44") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] write(1, "executing program\n", 18executing program ) = 18 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5984] munmap(0x7fae36000000, 138412032) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./file1", 0777) = 0 [pid 5984] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5984] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./file1") = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 108.281052][ T5984] loop0: detected capacity change from 0 to 2048 [pid 5984] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5984] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5984] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5984] exit_group(0) = ? [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 108.330410][ T5984] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5988 [pid 5988] <... set_robust_list resumed>) = 0 [pid 5988] chdir("./45") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] write(1, "executing program\n", 18executing program ) = 18 [pid 5988] memfd_create("syzkaller", 0) = 3 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5988] munmap(0x7fae36000000, 138412032) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5988] close(3) = 0 [pid 5988] close(4) = 0 [pid 5988] mkdir("./file1", 0777) = 0 [pid 5988] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5988] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 108.496819][ T5988] loop0: detected capacity change from 0 to 2048 [pid 5988] chdir("./file1") = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5988] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5988] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5988] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5988] exit_group(0) = ? [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 108.579960][ T5988] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5991 attached , child_tidptr=0x5555794b1650) = 5991 [pid 5991] set_robust_list(0x5555794b1660, 24) = 0 [pid 5991] chdir("./46") = 0 [pid 5991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5991] setpgid(0, 0) = 0 [pid 5991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5991] write(3, "1000", 4) = 4 [pid 5991] close(3) = 0 [pid 5991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5991] write(1, "executing program\n", 18executing program ) = 18 [pid 5991] memfd_create("syzkaller", 0) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5991] munmap(0x7fae36000000, 138412032) = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5991] close(3) = 0 [pid 5991] close(4) = 0 [pid 5991] mkdir("./file1", 0777) = 0 [ 108.894371][ T5991] loop0: detected capacity change from 0 to 2048 [pid 5991] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5991] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5991] chdir("./file1") = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5991] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5991] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5991] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5991] exit_group(0) = ? [pid 5991] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5991, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 109.001556][ T5991] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5994 attached , child_tidptr=0x5555794b1650) = 5994 [pid 5994] set_robust_list(0x5555794b1660, 24) = 0 [pid 5994] chdir("./47") = 0 [pid 5994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5994] setpgid(0, 0) = 0 [pid 5994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5994] write(3, "1000", 4) = 4 [pid 5994] close(3) = 0 [pid 5994] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5994] write(1, "executing program\n", 18) = 18 [pid 5994] memfd_create("syzkaller", 0) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5994] munmap(0x7fae36000000, 138412032) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./file1", 0777) = 0 [pid 5994] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 109.436864][ T5994] loop0: detected capacity change from 0 to 2048 [pid 5994] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./file1") = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5994] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5994] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5994] exit_group(0) = ? [pid 5994] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5994, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 109.521381][ T5994] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 5997 [pid 5997] chdir("./48") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5997] write(1, "executing program\n", 18executing program ) = 18 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5997] munmap(0x7fae36000000, 138412032) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5997] mkdir("./file1", 0777) = 0 [pid 5997] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5997] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 109.733960][ T5997] loop0: detected capacity change from 0 to 2048 [pid 5997] chdir("./file1") = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5997] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5997] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5997] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5997] exit_group(0) = ? [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 109.801162][ T5997] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6000 attached [pid 6000] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6000 [pid 6000] <... set_robust_list resumed>) = 0 [pid 6000] chdir("./49") = 0 [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6000] setpgid(0, 0) = 0 [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6000] write(3, "1000", 4) = 4 [pid 6000] close(3) = 0 [pid 6000] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6000] write(1, "executing program\n", 18executing program ) = 18 [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6000] munmap(0x7fae36000000, 138412032) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] close(4) = 0 [pid 6000] mkdir("./file1", 0777) = 0 [ 110.236995][ T6000] loop0: detected capacity change from 0 to 2048 [pid 6000] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6000] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./file1") = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6000] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6000] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6000] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6000] exit_group(0) = ? [ 110.342034][ T6000] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [pid 6000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached , child_tidptr=0x5555794b1650) = 6003 [pid 6003] set_robust_list(0x5555794b1660, 24) = 0 [pid 6003] chdir("./50") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] write(1, "executing program\n", 18executing program ) = 18 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6003] munmap(0x7fae36000000, 138412032) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] close(4) = 0 [pid 6003] mkdir("./file1", 0777) = 0 [pid 6003] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 110.626615][ T6003] loop0: detected capacity change from 0 to 2048 [pid 6003] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6003] chdir("./file1") = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6003] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6003] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6003] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6003] exit_group(0) = ? [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 110.690465][ T6003] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached , child_tidptr=0x5555794b1650) = 6006 [pid 6006] set_robust_list(0x5555794b1660, 24) = 0 [pid 6006] chdir("./51") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 executing program [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6006] munmap(0x7fae36000000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./file1", 0777) = 0 [ 110.921048][ T6006] loop0: detected capacity change from 0 to 2048 [pid 6006] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6006] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./file1") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6006] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6006] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6006] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6006] exit_group(0) = ? [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 111.008991][ T6006] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6009 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6009] chdir("./52") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6009] munmap(0x7fae36000000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file1", 0777) = 0 [pid 6009] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6009] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./file1") = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.457121][ T6009] loop0: detected capacity change from 0 to 2048 [pid 6009] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6009] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6009] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 111.510810][ T6009] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6012 attached , child_tidptr=0x5555794b1650) = 6012 [pid 6012] set_robust_list(0x5555794b1660, 24) = 0 [pid 6012] chdir("./53") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6012] write(1, "executing program\n", 18executing program ) = 18 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6012] munmap(0x7fae36000000, 138412032) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] close(4) = 0 [pid 6012] mkdir("./file1", 0777) = 0 [ 111.781154][ T6012] loop0: detected capacity change from 0 to 2048 [pid 6012] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./file1") = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6012] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6012] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6012] exit_group(0) = ? [pid 6012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 111.878704][ T6012] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached , child_tidptr=0x5555794b1650) = 6015 [pid 6015] set_robust_list(0x5555794b1660, 24) = 0 [pid 6015] chdir("./54") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6015] write(1, "executing program\n", 18) = 18 [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6015] munmap(0x7fae36000000, 138412032) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [pid 6015] mkdir("./file1", 0777) = 0 [pid 6015] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6015] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./file1") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 112.155330][ T6015] loop0: detected capacity change from 0 to 2048 [pid 6015] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6015] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6015] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6015] exit_group(0) = ? [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 112.202638][ T6015] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached [pid 6018] set_robust_list(0x5555794b1660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6018 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6018] chdir("./55") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] write(1, "executing program\n", 18executing program ) = 18 [pid 6018] memfd_create("syzkaller", 0) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6018] munmap(0x7fae36000000, 138412032) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] close(4) = 0 [pid 6018] mkdir("./file1", 0777) = 0 [pid 6018] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6018] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 112.424820][ T6018] loop0: detected capacity change from 0 to 2048 [pid 6018] chdir("./file1") = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6018] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6018] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6018] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6018] exit_group(0) = ? [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 112.512346][ T6018] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached , child_tidptr=0x5555794b1650) = 6021 [pid 6021] set_robust_list(0x5555794b1660, 24) = 0 [pid 6021] chdir("./56") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6021] munmap(0x7fae36000000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] close(4) = 0 [pid 6021] mkdir("./file1", 0777) = 0 [ 112.839281][ T6021] loop0: detected capacity change from 0 to 2048 [pid 6021] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6021] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./file1") = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6021] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6021] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6021] exit_group(0) = ? [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [ 112.910457][ T6021] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x5555794b1660, 24) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6024 [pid 6024] chdir("./57") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6024] munmap(0x7fae36000000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./file1", 0777) = 0 [pid 6024] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 113.135043][ T6024] loop0: detected capacity change from 0 to 2048 [pid 6024] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./file1") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6024] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6024] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6024] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6024] exit_group(0) = ? [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.211808][ T6024] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x5555794b1660, 24) = 0 [pid 6027] chdir("./58" [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6027 [pid 6027] <... chdir resumed>) = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6027] write(1, "executing program\n", 18) = 18 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6027] munmap(0x7fae36000000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./file1", 0777) = 0 [ 113.450030][ T6027] loop0: detected capacity change from 0 to 2048 [pid 6027] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6027] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file1") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6027] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6027] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6027] exit_group(0) = ? [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 113.545400][ T6027] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555794b1650) = 6030 ./strace-static-x86_64: Process 6030 attached [pid 6030] set_robust_list(0x5555794b1660, 24) = 0 [pid 6030] chdir("./59") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6030] write(1, "executing program\n", 18) = 18 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6030] munmap(0x7fae36000000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./file1", 0777) = 0 [ 113.871320][ T6030] loop0: detected capacity change from 0 to 2048 [pid 6030] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6030] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./file1") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6030] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6030] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6030] exit_group(0) = ? [pid 6030] +++ exited with 0 +++ [ 113.967958][ T6030] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555794b1650) = 6034 ./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x5555794b1660, 24) = 0 [pid 6034] chdir("./60") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] write(3, "1000", 4) = 4 [pid 6034] close(3) = 0 executing program [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] write(1, "executing program\n", 18) = 18 [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6034] munmap(0x7fae36000000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6034] close(3) = 0 [pid 6034] close(4) = 0 [pid 6034] mkdir("./file1", 0777) = 0 [ 114.214559][ T6034] loop0: detected capacity change from 0 to 2048 [pid 6034] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6034] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6034] chdir("./file1") = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6034] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6034] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6034] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6034] exit_group(0) = ? [pid 6034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.301614][ T6034] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x5555794b1660, 24) = 0 [pid 6037] chdir("./61" [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6037 [pid 6037] <... chdir resumed>) = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6037] write(1, "executing program\n", 18executing program ) = 18 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6037] munmap(0x7fae36000000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./file1", 0777) = 0 [ 114.522466][ T6037] loop0: detected capacity change from 0 to 2048 [pid 6037] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6037] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file1") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6037] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6037] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6037] exit_group(0) = ? [pid 6037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 114.642329][ T6037] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x5555794b1660, 24) = 0 [pid 6040] chdir("./62" [pid 5844] <... clone resumed>, child_tidptr=0x5555794b1650) = 6040 [pid 6040] <... chdir resumed>) = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6040] write(3, "1000", 4) = 4 [pid 6040] close(3) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6040] write(1, "executing program\n", 18executing program ) = 18 [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6040] munmap(0x7fae36000000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] close(4) = 0 [pid 6040] mkdir("./file1", 0777) = 0 [ 114.913025][ T6040] loop0: detected capacity change from 0 to 2048 [pid 6040] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./file1") = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6040] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6040] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6040] exit_group(0) = ? [pid 6040] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 115.009221][ T6040] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached , child_tidptr=0x5555794b1650) = 6043 [pid 6043] set_robust_list(0x5555794b1660, 24) = 0 [pid 6043] chdir("./63") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6043] write(1, "executing program\n", 18) = 18 [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6043] munmap(0x7fae36000000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] close(4) = 0 [pid 6043] mkdir("./file1", 0777) = 0 [pid 6043] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 6043] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./file1") = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 115.215867][ T6043] loop0: detected capacity change from 0 to 2048 [pid 6043] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6043] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6043] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 6043] exit_group(0) = ? [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555794b26f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 115.270984][ T6043] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555794ba730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555794ba730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x5555794b26f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6046 attached , child_tidptr=0x5555794b1650) = 6046 [pid 6046] set_robust_list(0x5555794b1660, 24) = 0 [pid 6046] chdir("./64") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6046] write(1, "executing program\n", 18) = 18 [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fae36000000 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6046] munmap(0x7fae36000000, 138412032) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6046] close(3) = 0 [pid 6046] close(4) = 0 [pid 6046] mkdir("./file1", 0777) = 0 [pid 6046] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 115.538763][ T6046] loop0: detected capacity change from 0 to 2048 [pid 6046] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./file1") = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6046] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 6046] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 115.640600][ T6046] EXT4-fs error (device loop0): ext4_validate_block_bitmap:431: comm syz-executor125: bg 0: block 52: invalid block bitmap [ 115.666756][ T6046] ------------[ cut here ]------------ [ 115.672242][ T6046] Looking for class "&ei->i_data_sem" with key __key.0, but found a different class "&ei->i_data_sem" with the same key [ 115.684952][ T6046] WARNING: CPU: 0 PID: 6046 at kernel/locking/lockdep.c:936 look_up_lock_class+0x140/0x150 [ 115.695008][ T6046] Modules linked in: [ 115.698934][ T6046] CPU: 0 UID: 0 PID: 6046 Comm: syz-executor125 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 115.710055][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 115.720117][ T6046] RIP: 0010:look_up_lock_class+0x140/0x150 [ 115.725948][ T6046] Code: c7 c7 60 cf 6c 8b e8 6f 1a 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 f7 e0 26 05 01 90 48 c7 c7 40 d2 6c 8b e8 51 1a 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 [ 115.745593][ T6046] RSP: 0018:ffffc900033ef850 EFLAGS: 00010086 [ 115.751688][ T6046] RAX: 0000000000000000 RBX: ffffffff96e7b588 RCX: ffffffff814e6dd9 [ 115.759681][ T6046] RDX: ffff88802ad6bc00 RSI: ffffffff814e6de6 RDI: 0000000000000001 [ 115.767678][ T6046] RBP: ffffffff9a8f4301 R08: 0000000000000001 R09: 0000000000000000 [ 115.775670][ T6046] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff888072116f80 [ 115.783663][ T6046] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a825820 [ 115.791656][ T6046] FS: 00005555794b1380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 115.800612][ T6046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.807216][ T6046] CR2: 00007fae3e5d70f8 CR3: 00000000284b0000 CR4: 0000000000350ef0 [ 115.815208][ T6046] Call Trace: [ 115.818496][ T6046] [ 115.821438][ T6046] ? __warn+0xea/0x3d0 [ 115.825558][ T6046] ? look_up_lock_class+0x140/0x150 [ 115.830784][ T6046] ? report_bug+0x3c0/0x580 [ 115.835314][ T6046] ? handle_bug+0x54/0xa0 [ 115.839674][ T6046] ? exc_invalid_op+0x17/0x50 [ 115.844381][ T6046] ? asm_exc_invalid_op+0x1a/0x20 [ 115.849457][ T6046] ? __warn_printk+0x199/0x350 [ 115.854262][ T6046] ? __warn_printk+0x1a6/0x350 [ 115.859068][ T6046] ? look_up_lock_class+0x140/0x150 [ 115.864292][ T6046] ? __pfx_mark_lock+0x10/0x10 [ 115.869080][ T6046] register_lock_class+0xb1/0x1240 [ 115.874220][ T6046] ? register_lock_class+0xb1/0x1240 [ 115.879532][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.885196][ T6046] ? register_lock_class+0xb1/0x1240 [ 115.890510][ T6046] ? __pfx_register_lock_class+0x10/0x10 [ 115.896171][ T6046] ? truncate_inode_pages_range+0x622/0xe80 [ 115.902107][ T6046] ? __pfx_register_lock_class+0x10/0x10 [ 115.907765][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.913432][ T6046] __lock_acquire+0x135/0x3ce0 [ 115.918237][ T6046] ? __pfx___lock_acquire+0x10/0x10 [ 115.923474][ T6046] lock_acquire.part.0+0x11b/0x380 [ 115.928614][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 115.934801][ T6046] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 115.940458][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.946121][ T6046] ? rcu_is_watching+0x12/0xc0 [ 115.950919][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.956580][ T6046] ? trace_lock_acquire+0x14a/0x1d0 [ 115.961814][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.967476][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 115.973665][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.979328][ T6046] ? lock_acquire+0x2f/0xb0 [ 115.983853][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 115.990043][ T6046] down_write_nested+0x97/0x210 [ 115.994926][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 116.001113][ T6046] ? __pfx_down_write_nested+0x10/0x10 [ 116.006604][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.012266][ T6046] ? ext4_journal_check_start+0x1b4/0x2b0 [ 116.018021][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.023686][ T6046] ext4_double_down_write_data_sem+0x42/0x80 [ 116.029700][ T6046] __ext4_ioctl+0x2a01/0x4630 [ 116.034413][ T6046] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 116.040453][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.046114][ T6046] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 116.052058][ T6046] ? __pfx___ext4_ioctl+0x10/0x10 [ 116.057117][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.062780][ T6046] ? do_vfs_ioctl+0x513/0x1990 [ 116.067578][ T6046] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 116.072637][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.078297][ T6046] ? do_raw_spin_lock+0x12d/0x2c0 [ 116.083367][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.089045][ T6046] ? __pfx_ext4_ioctl+0x10/0x10 [ 116.093930][ T6046] __x64_sys_ioctl+0x192/0x220 [ 116.098730][ T6046] do_syscall_64+0xcd/0x250 [ 116.103353][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.109298][ T6046] RIP: 0033:0x7fae3e55e229 [ 116.113734][ T6046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 116.133369][ T6046] RSP: 002b:00007ffcd2ff81b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.141811][ T6046] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fae3e55e229 [ 116.149803][ T6046] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 116.157792][ T6046] RBP: 0000000000000000 R08: 00007ffcd2ff81f0 R09: 00007ffcd2ff81f0 [ 116.165783][ T6046] R10: 00007ffcd2ff81f0 R11: 0000000000000246 R12: 00007ffcd2ff81dc [ 116.173777][ T6046] R13: 0000000000000040 R14: 431bde82d7b634db R15: 00007ffcd2ff8210 [ 116.181778][ T6046] [ 116.184815][ T6046] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 116.192109][ T6046] CPU: 0 UID: 0 PID: 6046 Comm: syz-executor125 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 116.203333][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 116.213429][ T6046] Call Trace: [ 116.216717][ T6046] [ 116.219658][ T6046] dump_stack_lvl+0x3d/0x1f0 [ 116.224282][ T6046] panic+0x71d/0x800 [ 116.228236][ T6046] ? __pfx_panic+0x10/0x10 [ 116.232733][ T6046] ? show_trace_log_lvl+0x29d/0x3d0 [ 116.237971][ T6046] ? check_panic_on_warn+0x1f/0xb0 [ 116.243135][ T6046] ? look_up_lock_class+0x140/0x150 [ 116.248362][ T6046] check_panic_on_warn+0xab/0xb0 [ 116.253383][ T6046] __warn+0xf6/0x3d0 [ 116.257326][ T6046] ? look_up_lock_class+0x140/0x150 [ 116.262551][ T6046] report_bug+0x3c0/0x580 [ 116.266916][ T6046] handle_bug+0x54/0xa0 [ 116.271109][ T6046] exc_invalid_op+0x17/0x50 [ 116.275645][ T6046] asm_exc_invalid_op+0x1a/0x20 [ 116.280544][ T6046] RIP: 0010:look_up_lock_class+0x140/0x150 [ 116.286376][ T6046] Code: c7 c7 60 cf 6c 8b e8 6f 1a 2d f6 90 0f 0b 90 90 90 31 db eb be c6 05 f7 e0 26 05 01 90 48 c7 c7 40 d2 6c 8b e8 51 1a 2d f6 90 <0f> 0b 90 90 e9 58 ff ff ff 0f 1f 80 00 00 00 00 90 90 90 90 90 90 [ 116.306017][ T6046] RSP: 0018:ffffc900033ef850 EFLAGS: 00010086 [ 116.312114][ T6046] RAX: 0000000000000000 RBX: ffffffff96e7b588 RCX: ffffffff814e6dd9 [ 116.320113][ T6046] RDX: ffff88802ad6bc00 RSI: ffffffff814e6de6 RDI: 0000000000000001 [ 116.328109][ T6046] RBP: ffffffff9a8f4301 R08: 0000000000000001 R09: 0000000000000000 [ 116.336100][ T6046] R10: 0000000000000000 R11: 20676e696b6f6f4c R12: ffff888072116f80 [ 116.344125][ T6046] R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff9a825820 [ 116.352125][ T6046] ? __warn_printk+0x199/0x350 [ 116.356935][ T6046] ? __warn_printk+0x1a6/0x350 [ 116.361746][ T6046] ? __pfx_mark_lock+0x10/0x10 [ 116.366710][ T6046] register_lock_class+0xb1/0x1240 [ 116.371849][ T6046] ? register_lock_class+0xb1/0x1240 [ 116.377163][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.382831][ T6046] ? register_lock_class+0xb1/0x1240 [ 116.388146][ T6046] ? __pfx_register_lock_class+0x10/0x10 [ 116.393805][ T6046] ? truncate_inode_pages_range+0x622/0xe80 [ 116.399738][ T6046] ? __pfx_register_lock_class+0x10/0x10 [ 116.405398][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.411067][ T6046] __lock_acquire+0x135/0x3ce0 [ 116.415864][ T6046] ? __pfx___lock_acquire+0x10/0x10 [ 116.421097][ T6046] lock_acquire.part.0+0x11b/0x380 [ 116.426236][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 116.432429][ T6046] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 116.438089][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.443757][ T6046] ? rcu_is_watching+0x12/0xc0 [ 116.448556][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.454221][ T6046] ? trace_lock_acquire+0x14a/0x1d0 [ 116.459460][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.465123][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 116.471314][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.476980][ T6046] ? lock_acquire+0x2f/0xb0 [ 116.481509][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 116.487698][ T6046] down_write_nested+0x97/0x210 [ 116.492580][ T6046] ? ext4_double_down_write_data_sem+0x42/0x80 [ 116.498770][ T6046] ? __pfx_down_write_nested+0x10/0x10 [ 116.504267][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.509932][ T6046] ? ext4_journal_check_start+0x1b4/0x2b0 [ 116.515679][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.521345][ T6046] ext4_double_down_write_data_sem+0x42/0x80 [ 116.527360][ T6046] __ext4_ioctl+0x2a01/0x4630 [ 116.532075][ T6046] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 116.538111][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.543773][ T6046] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 116.549745][ T6046] ? __pfx___ext4_ioctl+0x10/0x10 [ 116.554823][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.560488][ T6046] ? do_vfs_ioctl+0x513/0x1990 [ 116.565291][ T6046] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 116.570351][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.576015][ T6046] ? do_raw_spin_lock+0x12d/0x2c0 [ 116.581088][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.586853][ T6046] ? __pfx_ext4_ioctl+0x10/0x10 [ 116.591739][ T6046] __x64_sys_ioctl+0x192/0x220 [ 116.596538][ T6046] do_syscall_64+0xcd/0x250 [ 116.601073][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.607015][ T6046] RIP: 0033:0x7fae3e55e229 [ 116.611463][ T6046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 116.631110][ T6046] RSP: 002b:00007ffcd2ff81b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.639555][ T6046] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fae3e55e229 [ 116.647546][ T6046] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 116.655558][ T6046] RBP: 0000000000000000 R08: 00007ffcd2ff81f0 R09: 00007ffcd2ff81f0 [ 116.663563][ T6046] R10: 00007ffcd2ff81f0 R11: 0000000000000246 R12: 00007ffcd2ff81dc [ 116.671557][ T6046] R13: 0000000000000040 R14: 431bde82d7b634db R15: 00007ffcd2ff8210 [ 116.679567][ T6046] [ 116.682944][ T6046] Kernel Offset: disabled [ 116.687281][ T6046] Rebooting in 86400 seconds..