./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1313969257 <...> no interfaces have a carrier forked to background, child pid 4694 [ 29.295477][ T4695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.304542][ T4695] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts. execve("./syz-executor1313969257", ["./syz-executor1313969257"], 0x7ffc73c82e10 /* 10 vars */) = 0 brk(NULL) = 0x555555e39000 brk(0x555555e39d40) = 0x555555e39d40 arch_prctl(ARCH_SET_FS, 0x555555e393c0) = 0 set_tid_address(0x555555e39690) = 5026 set_robust_list(0x555555e396a0, 24) = 0 rseq(0x555555e39ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1313969257", 4096) = 28 getrandom("\x5b\xa3\x3d\x2f\x73\x73\xc0\x67", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555e39d40 brk(0x555555e5ad40) = 0x555555e5ad40 brk(0x555555e5b000) = 0x555555e5b000 mprotect(0x7f0a91605000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5026 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "5026", 4) = 4 close(3) = 0 mkdir("./syzkaller.2MtEnm", 0700) = 0 chmod("./syzkaller.2MtEnm", 0777) = 0 chdir("./syzkaller.2MtEnm") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5027 attached , child_tidptr=0x555555e39690) = 5027 [pid 5027] set_robust_list(0x555555e396a0, 24) = 0 [pid 5027] chdir("./0") = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5027] setpgid(0, 0) = 0 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5027] write(3, "1000", 4) = 4 [pid 5027] close(3) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5027] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5027] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5028]}, 88) = 5028 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5027] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5028] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5028] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5028] memfd_create("syzkaller", 0) = 3 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 syzkaller login: [ 52.040268][ T5028] syz-executor131[5028]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5028] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file0", 0777) = 0 [pid 5028] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5028] chdir("./file0") = 0 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [pid 5028] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5027] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5027] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5028] <... open resumed>) = 4 [pid 5028] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5028] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0}./strace-static-x86_64: Process 5030 attached [pid 5030] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053 [pid 5027] <... clone3 resumed> => {parent_tid=[5030]}, 88) = 5030 [pid 5030] <... rseq resumed>) = 0 [pid 5027] rt_sigprocmask(SIG_SETMASK, [], [pid 5030] set_robust_list(0x7f0a8a1199a0, 24 [pid 5027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] <... set_robust_list resumed>) = 0 [pid 5027] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] rt_sigprocmask(SIG_SETMASK, [], [pid 5027] <... futex resumed>) = 0 [pid 5030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5030] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5027] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5030] <... openat resumed>) = 5 [pid 5030] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5030] <... futex resumed>) = 1 [pid 5027] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5027] <... futex resumed>) = 1 [pid 5028] <... futex resumed>) = 0 [pid 5027] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 EIO (Input/output error) [pid 5028] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5027] <... futex resumed>) = 0 [pid 5027] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5028] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5028] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] exit_group(0 [pid 5030] <... futex resumed>) = ? [pid 5030] +++ exited with 0 +++ [pid 5027] <... exit_group resumed>) = ? [pid 5028] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 52.182688][ T5028] loop0: detected capacity change from 0 to 32768 [ 52.206519][ T5028] find_entry called with index = 0 [ 52.212009][ T5028] read_mapping_page failed! [ 52.216539][ T5028] ERROR: (device loop0): txCommit: [ 52.216539][ T5028] [ 52.224215][ T5028] ERROR: (device loop0): remounting filesystem as read-only umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached , child_tidptr=0x555555e39690) = 5031 [pid 5031] set_robust_list(0x555555e396a0, 24) = 0 [pid 5031] chdir("./1") = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5031] setpgid(0, 0) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5031] write(3, "1000", 4) = 4 [pid 5031] close(3) = 0 [pid 5031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5031] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5031] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5032]}, 88) = 5032 [pid 5031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5031] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5032 attached [pid 5032] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5032] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5032] memfd_create("syzkaller", 0) = 3 [pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5032] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5032] close(3) = 0 [pid 5032] mkdir("./file0", 0777) = 0 [pid 5032] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5032] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5032] chdir("./file0") = 0 [pid 5032] ioctl(4, LOOP_CLR_FD) = 0 [pid 5032] close(4) = 0 [pid 5032] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5032] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5031] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5031] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} => {parent_tid=[5033]}, 88) = 5033 ./strace-static-x86_64: Process 5033 attached [pid 5031] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] <... open resumed>) = 4 [pid 5031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5031] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5033] set_robust_list(0x7f0a8a1199a0, 24 [pid 5032] <... futex resumed>) = 0 [pid 5033] <... set_robust_list resumed>) = 0 [pid 5033] rt_sigprocmask(SIG_SETMASK, [], [pid 5032] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5033] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5033] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5033] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [pid 5032] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [ 52.433459][ T5032] loop0: detected capacity change from 0 to 32768 [ 52.460959][ T5032] find_entry called with index = 0 [ 52.467281][ T5032] read_mapping_page failed! [ 52.471988][ T5032] ERROR: (device loop0): txCommit: [ 52.471988][ T5032] [pid 5031] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5032] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] <... futex resumed>) = 0 [pid 5031] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [pid 5032] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5031] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5032] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5032] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5032] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] exit_group(0 [pid 5033] <... futex resumed>) = ? [pid 5032] <... futex resumed>) = ? [pid 5031] <... exit_group resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ [pid 5031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=9 /* 0.09 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 52.479566][ T5032] ERROR: (device loop0): remounting filesystem as read-only umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5034 attached , child_tidptr=0x555555e39690) = 5034 [pid 5034] set_robust_list(0x555555e396a0, 24) = 0 [pid 5034] chdir("./2") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5034] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5035]}, 88) = 5035 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5035 attached [pid 5035] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5035] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5035] memfd_create("syzkaller", 0) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5035] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file0", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file0") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5035] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5034] <... futex resumed>) = 0 [pid 5035] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5034] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5034] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] <... open resumed>) = 4 [pid 5034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5035] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] <... clone3 resumed> => {parent_tid=[5036]}, 88) = 5036 [pid 5034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5034] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5036 attached [pid 5034] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5036] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5036] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5036] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5036] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 5035] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 5034] <... futex resumed>) = 1 [ 52.958583][ T5035] loop0: detected capacity change from 0 to 32768 [ 52.989591][ T5035] find_entry called with index = 0 [ 52.996128][ T5035] read_mapping_page failed! [ 53.000929][ T5035] ERROR: (device loop0): txCommit: [ 53.000929][ T5035] [pid 5034] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5035] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5035] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5034] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5034] <... futex resumed>) = 0 [pid 5035] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 0 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5034] exit_group(0 [pid 5036] <... futex resumed>) = ? [pid 5035] <... futex resumed>) = ? [pid 5034] <... exit_group resumed>) = ? [pid 5035] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 53.009258][ T5035] ERROR: (device loop0): remounting filesystem as read-only umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x555555e396a0, 24) = 0 [pid 5037] chdir("./3") = 0 [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555e39690) = 5037 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5037] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5037] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5038]}, 88) = 5038 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5038] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5038] memfd_create("syzkaller", 0) = 3 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5038] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5038] close(3) = 0 [pid 5038] mkdir("./file0", 0777) = 0 [pid 5038] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5038] chdir("./file0") = 0 [pid 5038] ioctl(4, LOOP_CLR_FD) = 0 [pid 5038] close(4) = 0 [pid 5038] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5037] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5037] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} [pid 5038] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5037] <... clone3 resumed> => {parent_tid=[5039]}, 88) = 5039 [pid 5037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5037] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] <... open resumed>) = 4 [pid 5038] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5039 attached [pid 5039] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5039] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5039] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5037] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5037] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] <... futex resumed>) = 0 [pid 5038] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 EIO (Input/output error) [pid 5038] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5037] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5037] <... futex resumed>) = 0 [pid 5038] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5037] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] <... futex resumed>) = 0 [pid 5037] exit_group(0 [pid 5039] <... futex resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5038] <... futex resumed>) = ? [pid 5037] <... exit_group resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 53.479814][ T5038] loop0: detected capacity change from 0 to 32768 [ 53.503030][ T5038] find_entry called with index = 0 [ 53.508444][ T5038] read_mapping_page failed! [ 53.513279][ T5038] ERROR: (device loop0): txCommit: [ 53.513279][ T5038] [ 53.521122][ T5038] ERROR: (device loop0): remounting filesystem as read-only umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5040 attached [pid 5040] set_robust_list(0x555555e396a0, 24) = 0 [pid 5040] chdir("./4") = 0 [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5040] setpgid(0, 0) = 0 [pid 5026] <... clone resumed>, child_tidptr=0x555555e39690) = 5040 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5040] write(3, "1000", 4) = 4 [pid 5040] close(3) = 0 [pid 5040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5040] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5040] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5041]}, 88) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5041] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] memfd_create("syzkaller", 0) = 3 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5041] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5041] close(3) = 0 [pid 5041] mkdir("./file0", 0777) = 0 [pid 5041] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5041] chdir("./file0") = 0 [pid 5041] ioctl(4, LOOP_CLR_FD) = 0 [pid 5041] close(4) = 0 [pid 5041] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5041] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5040] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5040] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5041] <... open resumed>) = 4 [pid 5040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} [pid 5041] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5041] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... clone3 resumed> => {parent_tid=[5042]}, 88) = 5042 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5042 attached [pid 5042] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5042] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5042] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... futex resumed>) = 0 [pid 5040] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5041] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [ 54.000261][ T5041] loop0: detected capacity change from 0 to 32768 [ 54.025238][ T5041] find_entry called with index = 0 [ 54.030996][ T5041] read_mapping_page failed! [ 54.035874][ T5041] ERROR: (device loop0): txCommit: [ 54.035874][ T5041] [pid 5040] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5041] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5041] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5040] <... futex resumed>) = 0 [pid 5041] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5040] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5041] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5040] <... futex resumed>) = 0 [pid 5041] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] exit_group(0 [pid 5042] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5040] <... exit_group resumed>) = ? [pid 5042] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [pid 5040] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5040, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 54.043853][ T5041] ERROR: (device loop0): remounting filesystem as read-only umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached , child_tidptr=0x555555e39690) = 5043 [pid 5043] set_robust_list(0x555555e396a0, 24) = 0 [pid 5043] chdir("./5") = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5043] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5043] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0}./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5044] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] <... clone3 resumed> => {parent_tid=[5044]}, 88) = 5044 [pid 5044] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5044] memfd_create("syzkaller", 0 [pid 5043] <... futex resumed>) = 1 [pid 5043] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5044] <... memfd_create resumed>) = 3 [pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5044] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5044] close(3) = 0 [pid 5044] mkdir("./file0", 0777) = 0 [pid 5044] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5044] chdir("./file0") = 0 [pid 5044] ioctl(4, LOOP_CLR_FD) = 0 [pid 5044] close(4) = 0 [pid 5044] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5043] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE [pid 5044] <... open resumed>) = 4 [pid 5043] <... mprotect resumed>) = 0 [pid 5043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} [pid 5044] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5044] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] <... clone3 resumed> => {parent_tid=[5045]}, 88) = 5045 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5045] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5045] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5043] <... futex resumed>) = 1 [pid 5044] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 5045] <... futex resumed>) = 1 [pid 5043] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.521116][ T5044] loop0: detected capacity change from 0 to 32768 [ 54.547988][ T5044] find_entry called with index = 0 [ 54.554323][ T5044] read_mapping_page failed! [ 54.559215][ T5044] ERROR: (device loop0): txCommit: [ 54.559215][ T5044] [pid 5045] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5044] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5044] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5044] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5043] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5043] <... futex resumed>) = 0 [pid 5044] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5043] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5044] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5043] exit_group(0 [pid 5045] <... futex resumed>) = ? [pid 5043] <... exit_group resumed>) = ? [pid 5045] +++ exited with 0 +++ [pid 5044] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=12 /* 0.12 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 54.567037][ T5044] ERROR: (device loop0): remounting filesystem as read-only umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached , child_tidptr=0x555555e39690) = 5046 [pid 5046] set_robust_list(0x555555e396a0, 24) = 0 [pid 5046] chdir("./6") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5046] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5047]}, 88) = 5047 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5047 attached [pid 5047] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5047] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] memfd_create("syzkaller", 0) = 3 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5047] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5047] close(3) = 0 [pid 5047] mkdir("./file0", 0777) = 0 [pid 5047] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5047] chdir("./file0") = 0 [pid 5047] ioctl(4, LOOP_CLR_FD) = 0 [pid 5047] close(4) = 0 [pid 5047] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5046] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5047] <... open resumed>) = 4 [pid 5046] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0}./strace-static-x86_64: Process 5048 attached [pid 5047] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5048] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] openat(AT_FDCWD, "./file0", O_RDONLY) = 5 [pid 5048] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = 0 [pid 5047] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 5046] <... futex resumed>) = 1 [pid 5048] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 55.039322][ T5047] loop0: detected capacity change from 0 to 32768 [ 55.064824][ T5047] find_entry called with index = 0 [ 55.070151][ T5047] read_mapping_page failed! [ 55.075229][ T5047] ERROR: (device loop0): txCommit: [ 55.075229][ T5047] [pid 5046] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5047] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5046] <... futex resumed>) = 0 [pid 5047] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH [pid 5046] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... linkat resumed>) = -1 EFAULT (Bad address) [pid 5047] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] exit_group(0) = ? [pid 5048] <... futex resumed>) = ? [pid 5047] <... futex resumed>) = ? [pid 5048] +++ exited with 0 +++ [pid 5047] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 55.083452][ T5047] ERROR: (device loop0): remounting filesystem as read-only umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x555555e39690) = 5049 [pid 5049] set_robust_list(0x555555e396a0, 24) = 0 [pid 5049] chdir("./7") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5049] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5050]}, 88) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5050] <... rseq resumed>) = 0 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5050] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file0", 0777) = 0 [pid 5050] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file0") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5049] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5050] <... futex resumed>) = 0 [pid 5050] open("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_CREAT, 000 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0}./strace-static-x86_64: Process 5051 attached [pid 5051] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053) = 0 [pid 5051] set_robust_list(0x7f0a8a1199a0, 24 [pid 5049] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 [pid 5051] <... set_robust_list resumed>) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] openat(AT_FDCWD, "./file0", O_RDONLY [pid 5049] <... futex resumed>) = 0 [pid 5050] <... open resumed>) = 4 [pid 5049] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... openat resumed>) = 5 [pid 5050] <... futex resumed>) = 0 [pid 5050] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5051] futex(0x7f0a9160b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5050] mknodat(5, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [ 55.556128][ T5050] loop0: detected capacity change from 0 to 32768 [ 55.582901][ T5050] find_entry called with index = 0 [ 55.588295][ T5050] read_mapping_page failed! [ 55.592901][ T5050] ERROR: (device loop0): txCommit: [ 55.592901][ T5050] [pid 5049] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... mknodat resumed>) = -1 EIO (Input/output error) [pid 5050] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... futex resumed>) = 1 [pid 5050] linkat(-1, NULL, 5, NULL, AT_EMPTY_PATH) = -1 EFAULT (Bad address) [pid 5050] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5049] exit_group(0) = ? [pid 5050] <... futex resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5051] <... futex resumed>) = ? [pid 5051] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=10 /* 0.10 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555e3a730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 55.600502][ T5050] ERROR: (device loop0): remounting filesystem as read-only umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555e42770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555e42770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555e3a730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5052 attached , child_tidptr=0x555555e39690) = 5052 [pid 5052] set_robust_list(0x555555e396a0, 24) = 0 [pid 5052] chdir("./8") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] rt_sigaction(SIGRT_1, {sa_handler=0x7f0a915aba50, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0a9159d390}, NULL, 8) = 0 [pid 5052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a9151a000 [pid 5052] mprotect(0x7f0a9151b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a9153a990, parent_tid=0x7f0a9153a990, exit_signal=0, stack=0x7f0a9151a000, stack_size=0x20300, tls=0x7f0a9153a6c0} => {parent_tid=[5053]}, 88) = 5053 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0a9160b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5053 attached [pid 5053] rseq(0x7f0a9153afe0, 0x20, 0, 0x53053053) = 0 [pid 5053] set_robust_list(0x7f0a9153a9a0, 24) = 0 [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a8911a000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5053] munmap(0x7f0a8911a000, 16777216) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./file0", 0777) = 0 [pid 5053] mount("/dev/loop0", "./file0", "jfs", MS_POSIXACL, "discard=0x00000000000001ff,iocharset=cp1250,nodiscard,gid=0x000000000000ee00,noquota,usrquota,quota,") = 0 [pid 5053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./file0") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7f0a9160b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] futex(0x7f0a9160b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f0a9160b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0a8a0f9000 [pid 5052] mprotect(0x7f0a8a0fa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f0a8a119990, parent_tid=0x7f0a8a119990, exit_signal=0, stack=0x7f0a8a0f9000, stack_size=0x20300, tls=0x7f0a8a1196c0} => {parent_tid=[5054]}, 88) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5054] rseq(0x7f0a8a119fe0, 0x20, 0, 0x53053053 [pid 5053] <... futex resumed>) = 0 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5054] <... rseq resumed>) = 0 [pid 5052] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] set_robust_list(0x7f0a8a1199a0, 24) = 0 [pid 5052] <... futex resumed>) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5054] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5054] futex(0x7f0a9160b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f0a9160b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f0a9160b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] mknodat(4, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [ 56.066312][ T5053] loop0: detected capacity change from 0 to 32768 [ 56.091022][ T5054] find_entry called with index = 0 [ 56.096745][ T5053] txLock: trying to lock locked page! [ 56.096768][ T5053] ip: ffff888076f1ce30: 000b41ed 00000000 0000ee00 00000000 [ 56.109569][ T5053] ip: ffff888076f1ce40: ffffffff ffffffff 00000000 00000000 [ 56.116894][ T5053] ip: ffff888076f1ce50: 8b41db00 ffffffff 29d90000 ffff8880 [ 56.124199][ T5053] ip: ffff888076f1ce60: 76f1d058 ffff8880 29c65f00 ffff8880 [ 56.131464][ T5053] ip: ffff888076f1ce70: 00000002 00000000 00000003 00000000 [ 56.138875][ T5053] ip: ffff888076f1ce80: 00000028 00000000 637cf1f0 00000000 [ 56.146158][ T5053] ip: ffff888076f1ce90: 00000000 00000000 637cf1f2 00000000 [ 56.153474][ T5053] ip: ffff888076f1cea0: 19ec74a6 00000000 637cf1f2 00000000 [ 56.160737][ T5053] ip: ffff888076f1ceb0: 19ec74a6 00000000 00000000 dead4ead [ 56.168050][ T5053] ip: ffff888076f1cec0: ffffffff 00000000 ffffffff ffffffff [ 56.175356][ T5053] ip: ffff888076f1ced0: 8d715068 ffffffff 00000000 00000000 [ 56.182651][ T5053] ip: ffff888076f1cee0: 00000000 00000000 8b17aac0 ffffffff [ 56.189934][ T5053] ip: ffff888076f1cef0: 00000200 00000000 000c0000 00000000 [ 56.197263][ T5053] ip: ffff888076f1cf00: 00000008 00000000 00000007 00000000 [ 56.204654][ T5053] ip: ffff888076f1cf10: 00000001 00000000 7d4ed940 ffff8880 [ 56.212003][ T5053] ip: ffff888076f1cf20: 00000000 00000000 00000000 dead4ead [ 56.219272][ T5053] ip: ffff888076f1cf30: ffffffff 00000000 ffffffff ffffffff [ 56.226639][ T5053] ip: ffff888076f1cf40: 900eb230 ffffffff 00000000 00000000 [ 56.233922][ T5053] ip: ffff888076f1cf50: 00000000 00000000 8b0a9a60 ffffffff [ 56.241194][ T5053] ip: ffff888076f1cf60: 00000200 00000000 76f1cf68 ffff8880 [ 56.248574][ T5053] ip: ffff888076f1cf70: 76f1cf68 ffff8880 76f1cf10 ffff8880 [ 56.255864][ T5053] ip: ffff888076f1cf80: 8d715098 ffffffff 00000000 00000000 [ 56.263139][ T5053] ip: ffff888076f1cf90: 00000000 00000000 8b17ade0 ffffffff [ 56.270409][ T5053] ip: ffff888076f1cfa0: 00000300 00000000 ffff9fed 00000000 [ 56.277695][ T5053] ip: ffff888076f1cfb0: 00000000 00000000 00000000 00000000 [ 56.285003][ T5053] ip: ffff888076f1cfc0: 00d97978 ffffc900 76f2aac8 ffff8880 [ 56.292383][ T5053] ip: ffff888076f1cfd0: 76f2b408 ffff8880 40bae060 ffff8881 [ 56.299740][ T5053] ip: ffff888076f1cfe0: 00000000 00000000 76f1cfe8 ffff8880 [ 56.307122][ T5053] ip: ffff888076f1cff0: 76f1cfe8 ffff8880 76f2a1b8 ffff8880 [ 56.314412][ T5053] ip: ffff888076f1d000: 76f2aaf8 ffff8880 76f1d008 ffff8880 [ 56.321761][ T5053] ip: ffff888076f1d010: 76f1d008 ffff8880 7e295730 ffff8880 [ 56.329062][ T5053] ip: ffff888076f1d020: 00000000 00000000 00000000 00000000 [ 56.336364][ T5053] ip: ffff888076f1d030: 00000000 00000000 00000001 00000000 [ 56.343638][ T5053] ip: ffff888076f1d040: 00000000 00000001 8b41dc00 ffffffff [ 56.350917][ T5053] ip: ffff888076f1d050: 00000000 00000000 76f1ce30 ffff8880 [ 56.358241][ T5053] ip: ffff888076f1d060: 00000000 dead4ead ffffffff 00000000 [ 56.365647][ T5053] ip: ffff888076f1d070: ffffffff ffffffff 91f61ac0 ffffffff [ 56.372959][ T5053] ip: ffff888076f1d080: 00000000 00000000 00000000 00000000 [ 56.380232][ T5053] ip: ffff888076f1d090: 8b17b1a0 ffffffff 00000200 00000000 [ 56.387603][ T5053] ip: ffff888076f1d0a0: 00000021 00000000 00000000 00000000 [ 56.394886][ T5053] ip: ffff888076f1d0b0: 00000000 00000000 00000000 00000000 [ 56.402168][ T5053] ip: ffff888076f1d0c0: 00000000 00000000 00000000 dead4ead [ 56.409438][ T5053] ip: ffff888076f1d0d0: ffffffff 00000000 ffffffff ffffffff [ 56.416723][ T5053] ip: ffff888076f1d0e0: 900eb230 ffffffff 00000000 00000000 [ 56.424006][ T5053] ip: ffff888076f1d0f0: 00000000 00000000 8b0a9a60 ffffffff [ 56.431267][ T5053] ip: ffff888076f1d100: 00000200 00000000 76f1d108 ffff8880 [ 56.438553][ T5053] ip: ffff888076f1d110: 76f1d108 ffff8880 76f1d0b0 ffff8880 [ 56.445832][ T5053] ip: ffff888076f1d120: 8d715088 ffffffff 00000000 00000000 [ 56.453112][ T5053] ip: ffff888076f1d130: 00000000 00000000 8b17aba0 ffffffff [ 56.460373][ T5053] ip: ffff888076f1d140: 00000300 00000000 00100cca 00000000 [ 56.467733][ T5053] ip: ffff888076f1d150: 00000000 00000000 00000000 00000000 [ 56.475016][ T5053] ip: ffff888076f1d160: 00000000 00000000 00000000 00000000 [ 56.482309][ T5053] ip: ffff888076f1d170: 00000000 00000000 8b17a780 ffffffff [ 56.489576][ T5053] ip: ffff888076f1d180: 00000000 00000000 00000000 00000000 [ 56.496859][ T5053] ip: ffff888076f1d190: 00000000 00000000 00000000 00000000 [ 56.504157][ T5053] ip: ffff888076f1d1a0: 00000000 dead4ead ffffffff 00000000 [ 56.511428][ T5053] ip: ffff888076f1d1b0: ffffffff ffffffff 900eb230 ffffffff [ 56.518725][ T5053] ip: ffff888076f1d1c0: 00000000 00000000 00000000 00000000 [ 56.526007][ T5053] ip: ffff888076f1d1d0: 8b0a9a60 ffffffff 00000200 00000000 [ 56.533287][ T5053] ip: ffff888076f1d1e0: 76f1d1e0 ffff8880 76f1d1e0 ffff8880 [ 56.540549][ T5053] ip: ffff888076f1d1f0: 76f1d188 ffff8880 91f61aa0 ffffffff [ 56.547839][ T5053] ip: ffff888076f1d200: 00000000 00000000 00000000 00000000 [ 56.555119][ T5053] ip: ffff888076f1d210: 8b17b120 ffffffff 00000300 00000000 [ 56.562484][ T5053] ip: ffff888076f1d220: 00000000 00000000 00000000 dead4ead [ 56.569752][ T5053] ip: ffff888076f1d230: ffffffff 00000000 ffffffff ffffffff [ 56.577035][ T5053] ip: ffff888076f1d240: 91f61ab0 ffffffff 00000000 00000000 [ 56.584321][ T5053] ip: ffff888076f1d250: 00000000 00000000 8b17b160 ffffffff [ 56.591581][ T5053] ip: ffff888076f1d260: 00000200 00000000 76f1d268 ffff8880 [ 56.598955][ T5053] ip: ffff888076f1d270: 76f1d268 ffff8880 00000000 00000000 [ 56.606249][ T5053] ip: ffff888076f1d280: 76f1d280 ffff8880 76f1d280 ffff8880 [ 56.613531][ T5053] ip: ffff888076f1d290: 00000004 00000000 00000001 00000000 [ 56.620973][ T5053] ip: ffff888076f1d2a0: 00000000 00000000 00000000 00000000 [ 56.628249][ T5053] ip: ffff888076f1d2b0: 00000000 00000000 00000000 00000000 [ 56.635548][ T5053] mp: ffff88801cf49d90: 00001000 00000003 00000000 00000000 [ 56.642826][ T5053] mp: ffff88801cf49da0: 00000000 00000000 00000000 00000000 [ 56.650095][ T5053] mp: ffff88801cf49db0: 00000005 00000000 00000001 00000000 [ 56.657379][ T5053] mp: ffff88801cf49dc0: 1be2a000 ffff8880 0000002f 00000000 [ 56.664748][ T5053] mp: ffff88801cf49dd0: 00000000 dead4ead ffffffff 00000000 [ 56.672048][ T5053] mp: ffff88801cf49de0: ffffffff ffffffff 9203a6a0 ffffffff [ 56.679314][ T5053] mp: ffff88801cf49df0: 00000000 00000000 00000000 00000000 [ 56.686629][ T5053] mp: ffff88801cf49e00: 8b423460 ffffffff 00000200 00000000 [ 56.693915][ T5053] mp: ffff88801cf49e10: 1cf49e10 ffff8880 1cf49e10 ffff8880 [ 56.701180][ T5053] mp: ffff88801cf49e20: 006f8a80 ffffea00 29d90000 ffff8880 [ 56.708469][ T5053] mp: ffff88801cf49e30: 00001000 00000000 00000001 00000000 [ 56.715759][ T5053] mp: ffff88801cf49e40: 00000000 00000000 [ 56.721456][ T5053] Locker's tblock: ffffc900025f1220: 00000400 00000000 00000000 00000000 [ 56.729879][ T5053] Locker's tblock: ffffc900025f1230: 00000000 00000000 00000000 00000000 [ 56.738392][ T5053] Locker's tblock: ffffc900025f1240: 29d90000 ffff8880 00020002 00000000 [ 56.746888][ T5053] Locker's tblock: ffffc900025f1250: 00000000 dead4ead ffffffff 00000000 [ 56.755387][ T5053] Locker's tblock: ffffc900025f1260: ffffffff ffffffff 9203a8a0 ffffffff [ 56.763792][ T5053] Locker's tblock: ffffc900025f1270: 00000000 00000000 00000000 00000000 [ 56.772207][ T5053] Locker's tblock: ffffc900025f1280: 8b424940 ffffffff 00000200 00000000 [ 56.780611][ T5053] Locker's tblock: ffffc900025f1290: 025f1290 ffffc900 025f1290 ffffc900 [ 56.789052][ T5053] Locker's tblock: ffffc900025f12a0: 00000002 00000000 00000000 00000000 [ 56.797830][ T5053] Locker's tblock: ffffc900025f12b0: 00000000 00000000 00000000 00000000 [ 56.806266][ T5053] Locker's tblock: ffffc900025f12c0: 00000000 00000000 00000000 00000000 [ 56.814696][ T5053] Locker's tblock: ffffc900025f12d0: 00000000 dead4ead ffffffff 00000000 [ 56.823109][ T5053] Locker's tblock: ffffc900025f12e0: ffffffff ffffffff 9203a880 ffffffff [ 56.831504][ T5053] Locker's tblock: ffffc900025f12f0: 00000000 00000000 00000000 00000000 [ 56.839925][ T5053] Locker's tblock: ffffc900025f1300: 8b424900 ffffffff 00000200 00000000 [ 56.848344][ T5053] Locker's tblock: ffffc900025f1310: 025f1310 ffffc900 025f1310 ffffc900 [ 56.856763][ T5053] Locker's tblock: ffffc900025f1320: 00000004 0000001c 00000007 00000000 [ 56.865172][ T5053] Tlock: ffffc900028120d8: 00010004 20208040 1cf49d90 ffff8880 [ 56.872715][ T5053] Tlock: ffffc900028120e8: 76f2a930 ffff8880 03140000 05002000 [ 56.880238][ T5053] Tlock: ffffc900028120f8: 06030a00 0000020d 00000000 00000000 [ 56.887775][ T5053] Tlock: ffffc90002812108: 00000000 00000000 00000000 00000000 [ 56.895330][ T5053] Tlock: ffffc90002812118: 00000000 00000000 [ 56.901433][ T5053] ------------[ cut here ]------------ [ 56.906989][ T5053] kernel BUG at fs/jfs/jfs_txnmgr.c:834! [ 56.912635][ T5053] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 56.918686][ T5053] CPU: 1 PID: 5053 Comm: syz-executor131 Not tainted 6.5.0-syzkaller-11938-g65d6e954e378 #0 [ 56.929076][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 56.939632][ T5053] RIP: 0010:txLock+0x1cd4/0x1fa0 [ 56.944580][ T5053] Code: 8b 48 c7 c6 40 4f 42 8b ba 01 00 00 00 b9 10 00 00 00 41 b8 04 00 00 00 4c 8b 4c 24 20 6a 00 6a 48 e8 a0 2f 2a 01 48 83 c4 10 <0f> 0b e8 55 21 7c fe 4c 89 e7 48 c7 c6 40 57 42 8b e8 36 9f bd fe [ 56.964472][ T5053] RSP: 0018:ffffc90003a5ef98 EFLAGS: 00010282 [ 56.970544][ T5053] RAX: 8c29e29eae6e2500 RBX: 1ffff9200050241b RCX: ffff88807d4ed940 [ 56.978509][ T5053] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 56.986463][ T5053] RBP: 0000000000000010 R08: ffffffff8170afec R09: 1ffff9200074bd28 [ 56.994424][ T5053] R10: dffffc0000000000 R11: fffff5200074bd29 R12: ffffc900028120da [ 57.002626][ T5053] R13: 0000000000000002 R14: 000000000000001b R15: 0000000000002020 [ 57.010731][ T5053] FS: 00007f0a9153a6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.019853][ T5053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.026424][ T5053] CR2: 00007f0a8a119000 CR3: 00000000271f3000 CR4: 00000000003506e0 [ 57.034381][ T5053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.042509][ T5053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.050467][ T5053] Call Trace: [ 57.053745][ T5053] [ 57.056668][ T5053] ? __die_body+0x8b/0xe0 [ 57.061100][ T5053] ? die+0xa1/0xd0 [ 57.064834][ T5053] ? do_trap+0x153/0x380 [ 57.069065][ T5053] ? txLock+0x1cd4/0x1fa0 [ 57.073381][ T5053] ? do_error_trap+0x1dc/0x2c0 [ 57.078122][ T5053] ? txLock+0x1cd4/0x1fa0 [ 57.082444][ T5053] ? do_int3+0x50/0x50 [ 57.086500][ T5053] ? handle_invalid_op+0x34/0x40 [ 57.091413][ T5053] ? txLock+0x1cd4/0x1fa0 [ 57.095748][ T5053] ? exc_invalid_op+0x33/0x50 [ 57.101068][ T5053] ? asm_exc_invalid_op+0x1a/0x20 [ 57.106378][ T5053] ? __wake_up_klogd+0xcc/0x100 [ 57.111226][ T5053] ? txLock+0x1cd4/0x1fa0 [ 57.116051][ T5053] ? __mark_inode_dirty+0x7fb/0xd90 [ 57.121539][ T5053] dtSplitRoot+0x430/0x1920 [ 57.126115][ T5053] ? __up_read+0x690/0x690 [ 57.130516][ T5053] ? dbAlloc+0x88a/0xca0 [ 57.134924][ T5053] ? dtModify+0x5d0/0x5d0 [ 57.139330][ T5053] ? dbNextAG+0x630/0x630 [ 57.143668][ T5053] dtInsert+0x12fa/0x6b00 [ 57.148122][ T5053] ? do_filp_open+0x234/0x490 [ 57.152817][ T5053] ? __x64_sys_open+0x225/0x270 [ 57.157689][ T5053] ? UniStrupr+0x2c0/0x2c0 [ 57.162106][ T5053] ? print_irqtrace_events+0x220/0x220 [ 57.167584][ T5053] ? rcu_is_watching+0x15/0xb0 [ 57.172378][ T5053] ? lock_release+0xbf/0x9d0 [ 57.176959][ T5053] ? do_raw_spin_lock+0x14d/0x3a0 [ 57.181969][ T5053] ? txLock+0x10d3/0x1fa0 [ 57.186311][ T5053] jfs_create+0x7b6/0xb90 [ 57.190624][ T5053] ? jfs_lookup+0x410/0x410 [ 57.195199][ T5053] ? jfs_get_parent+0xa0/0xa0 [ 57.199949][ T5053] ? make_vfsuid+0x6f/0xb0 [ 57.204562][ T5053] ? bpf_lsm_inode_create+0x9/0x10 [ 57.209651][ T5053] ? security_inode_create+0xb8/0x100 [ 57.215100][ T5053] ? jfs_lookup+0x410/0x410 [ 57.219585][ T5053] path_openat+0x13e7/0x3180 [ 57.224180][ T5053] ? do_filp_open+0x490/0x490 [ 57.228971][ T5053] ? rcu_is_watching+0x15/0xb0 [ 57.233738][ T5053] do_filp_open+0x234/0x490 [ 57.238251][ T5053] ? vfs_tmpfile+0x4b0/0x4b0 [ 57.242842][ T5053] ? _raw_spin_unlock+0x28/0x40 [ 57.247693][ T5053] ? alloc_fd+0x59c/0x640 [ 57.252015][ T5053] do_sys_openat2+0x13e/0x1d0 [ 57.256680][ T5053] ? do_sys_open+0x230/0x230 [ 57.262653][ T5053] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.267832][ T5053] ? ptrace_notify+0x278/0x380 [ 57.272583][ T5053] __x64_sys_open+0x225/0x270 [ 57.278417][ T5053] ? do_sys_openat2+0x1d0/0x1d0 [ 57.283279][ T5053] ? rcu_is_watching+0x15/0xb0 [ 57.288035][ T5053] ? syscall_enter_from_user_mode+0x8c/0x230 [ 57.294027][ T5053] do_syscall_64+0x41/0xc0 [ 57.298725][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.305248][ T5053] RIP: 0033:0x7f0a91585949 [ 57.309766][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.330718][ T5053] RSP: 002b:00007f0a9153a218 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 57.339148][ T5053] RAX: ffffffffffffffda RBX: 00007f0a9160b6c8 RCX: 00007f0a91585949 [ 57.347153][ T5053] RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000020000400 [ 57.355153][ T5053] RBP: 00007f0a9160b6c0 R08: 0000000000000000 R09: 0000000000000000 [ 57.363831][ T5053] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a915d8210 [ 57.371838][ T5053] R13: 00007f0a915d204d R14: 0030656c69662f2e R15: 6573726168636f69 [ 57.380088][ T5053] [ 57.383177][ T5053] Modules linked in: [ 57.387274][ T5053] ---[ end trace 0000000000000000 ]--- [ 57.393467][ T5053] RIP: 0010:txLock+0x1cd4/0x1fa0 [ 57.399121][ T5053] Code: 8b 48 c7 c6 40 4f 42 8b ba 01 00 00 00 b9 10 00 00 00 41 b8 04 00 00 00 4c 8b 4c 24 20 6a 00 6a 48 e8 a0 2f 2a 01 48 83 c4 10 <0f> 0b e8 55 21 7c fe 4c 89 e7 48 c7 c6 40 57 42 8b e8 36 9f bd fe [ 57.419618][ T5053] RSP: 0018:ffffc90003a5ef98 EFLAGS: 00010282 [ 57.426431][ T5053] RAX: 8c29e29eae6e2500 RBX: 1ffff9200050241b RCX: ffff88807d4ed940 [ 57.435523][ T5053] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 57.443538][ T5053] RBP: 0000000000000010 R08: ffffffff8170afec R09: 1ffff9200074bd28 [ 57.451506][ T5053] R10: dffffc0000000000 R11: fffff5200074bd29 R12: ffffc900028120da [ 57.459496][ T5053] R13: 0000000000000002 R14: 000000000000001b R15: 0000000000002020 [ 57.467907][ T5053] FS: 00007f0a9153a6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 57.476857][ T5053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.483435][ T5053] CR2: 00007f0a8a119000 CR3: 00000000271f3000 CR4: 00000000003506e0 [ 57.491388][ T5053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.499401][ T5053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.507465][ T5053] Kernel panic - not syncing: Fatal exception [ 57.513628][ T5053] Kernel Offset: disabled [ 57.518034][ T5053] Rebooting in 86400 seconds..